prowler-logo
Report Information
  • Version: 3.0.1
  • Parameters used: aws
  • Date: 2022-12-29T15:58:44.872740
AWS Assessment Summary
  • AWS Account: 207592916039
  • AWS-CLI Profile: ENV
  • Audited Regions: All Regions
AWS Credentials
  • User Id: AIDATAVMAQRDSRCVLWTPB
  • Caller Identity ARN: arn:aws:iam::207592916039:user/haritha.e@avanzegroup.com
Assessment Overview
  • Total Findings: 4630
  • Passed: 3317
  • Failed: 1313
  • Total Resources: 1117
Status Severity Service Name Region Check Title Resource ID Check Description Check ID Status Extended Risk Recomendation Recomendation URL
FAIL low accessanalyzer ap-northeast-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer ap-northeast-2 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer ap-northeast-3 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer ap-south-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer ap-southeast-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer ap-southeast-2 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer ca-central-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer eu-central-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer eu-north-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer eu-west-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer eu-west-2 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer eu-west-3 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer sa-east-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer us-east-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer us-east-2 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer us-west-1 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

FAIL low accessanalyzer us-west-2 Check if IAM Access Analyzer is enabled without findings 207592916039 Check if IAM Access Analyzer is enabled without findings accessanalyzer_enabled_without_findings IAM Access Analyzer is not enabled

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses a form of mathematical analysis called automated reasoning, which applies logic and mathematical inference to determine all possible access paths allowed by a resource policy.

Enable IAM Access Analyzer for all accounts, create analyzer and take action over it is recommendations (IAM Access Analyzer is available at no additional cost).

INFO medium account ap-south-1 Maintain current contact details. 207592916039 Maintain current contact details. account_maintain_current_contact_details Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Contact Information.

Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization. An AWS account supports a number of contact details; and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use Policy. If an AWS account is observed to be behaving in a prohibited or suspicious manner; AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation; proactive measures may be taken; including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question.

Using the Billing and Cost Management console complete contact details.

INFO medium account ap-south-1 Ensure security contact information is registered. 207592916039 Ensure security contact information is registered. account_security_contact_information_is_registered Manual check: Login to the AWS Console. Choose your account name on the top right of the window -> My Account -> Alternate Contacts -> Security Section.

AWS provides customers with the option of specifying the contact information for accounts security team. It is recommended that this information be provided. Specifying security-specific contact information will help ensure that security advisories sent by AWS reach the team in your organization that is best equipped to respond to them.

Go to the My Account section and complete alternate contacts.

INFO medium account ap-south-1 Ensure security questions are registered in the AWS account. 207592916039 Ensure security questions are registered in the AWS account. account_security_questions_are_registered_in_the_aws_account Manual check: Login to the AWS Console as root. Choose your account name on the top right of the window -> My Account -> Configure Security Challenge Questions.

The AWS support portal allows account owners to establish security questions that can be used to authenticate individuals calling AWS customer service for support. It is recommended that security questions be established. When creating a new AWS account a default super user is automatically created. This account is referred to as the root account. It is recommended that the use of this account be limited and highly controlled. During events in which the root password is no longer accessible or the MFA token associated with root is lost/destroyed it is possible through authentication using secret questions and associated answers to recover root login access.

Login as root account and from My Account configure Security questions.

FAIL high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less *.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for *.fugoone.com is about to expire in 7 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

FAIL high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less *.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for *.fugoone.com is about to expire in 7 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less demoaudit.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for demoaudit.fugoone.com expires in 17 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less stagingknowfugo.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for stagingknowfugo.fugoone.com expires in 85 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less fltitle.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for fltitle.fugoone.com expires in 92 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less demo.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for demo.fugoone.com expires in 105 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less newexample.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for newexample.fugoone.com expires in 107 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less example.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for example.fugoone.com expires in 107 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less title.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for title.fugoone.com expires in 178 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less vapt1.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for vapt1.fugoone.com expires in 183 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less *.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for *.fugoone.com expires in 192 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less api.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for api.fugoone.com expires in 196 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for fugoone.com expires in 269 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less dr.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for dr.fugoone.com expires in 287 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less knowfugo.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for knowfugo.fugoone.com expires in 328 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less staging.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for staging.fugoone.com expires in 328 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS high acm ap-south-1 Check if ACM Certificates are about to expire in specific days or less test.fugoone.com Check if ACM Certificates are about to expire in specific days or less acm_certificates_expiration_check ACM Certificate for test.fugoone.com expires in 356 days.

Expired certificates can impact service availability.

Monitor certificate expiration and take automated action to renew; replace or remove. Having shorter TTL for any security artifact is a general recommendation; but requires additional automation in place. If not longer required delete certificate. Use AWS config using the managed rule: acm-certificate-expiration-check.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled *.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for *.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled *.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for *.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled demoaudit.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for demoaudit.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled stagingknowfugo.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for stagingknowfugo.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled fltitle.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for fltitle.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled demo.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for demo.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled newexample.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for newexample.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled example.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for example.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled title.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for title.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled vapt1.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for vapt1.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled *.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for *.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled api.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for api.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled dr.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for dr.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled knowfugo.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for knowfugo.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled staging.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for staging.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS medium acm ap-south-1 Check if ACM certificates have Certificate Transparency logging enabled test.fugoone.com Check if ACM certificates have Certificate Transparency logging enabled acm_certificates_transparency_logs_enabled ACM Certificate for test.fugoone.com has Certificate Transparency logging enabled.

Domain owners can search the log to identify unexpected certificates, whether issued by mistake or malice. Domain owners can also identify Certificate Authorities (CAs) that are improperly issuing certificates.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS critical autoscaling ap-south-1 Find secrets in EC2 Auto Scaling Launch Configuration FUGO-PRODUCTION-APP Find secrets in EC2 Auto Scaling Launch Configuration autoscaling_find_secrets_ec2_launch_configuration No secrets found in autoscaling FUGO-PRODUCTION-APP since User Data is empty.

The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used, it is possible that malicious users gain access through the account in question.

Do not include sensitive information in user data within the launch configuration, try to use Secrets Manager instead.

FAIL low lambda ap-south-1 Check if Lambda functions invoke API operations are being recorded by CloudTrail. DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE Check if Lambda functions invoke API operations are being recorded by CloudTrail. awslambda_function_invoke_api_operations_cloudtrail_logging_enabled Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE is not recorded by CloudTrail

If logs are not enabled; monitoring of service use and threat analysis is not possible.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

FAIL low lambda us-west-2 Check if Lambda functions invoke API operations are being recorded by CloudTrail. Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 Check if Lambda functions invoke API operations are being recorded by CloudTrail. awslambda_function_invoke_api_operations_cloudtrail_logging_enabled Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 is not recorded by CloudTrail

If logs are not enabled; monitoring of service use and threat analysis is not possible.

Make sure you are logging information about Lambda operations. Create a lifecycle and use cases for each trail.

PASS critical lambda ap-south-1 Find secrets in Lambda functions code. DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE Find secrets in Lambda functions code. awslambda_function_no_secrets_in_code No secrets found in Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE code

The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question.

Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables.

PASS critical lambda us-west-2 Find secrets in Lambda functions code. Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 Find secrets in Lambda functions code. awslambda_function_no_secrets_in_code No secrets found in Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 code

The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question.

Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables.

PASS critical lambda ap-south-1 Find secrets in Lambda functions variables. DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE Find secrets in Lambda functions variables. awslambda_function_no_secrets_in_variables No secrets found in Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE variables

The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question.

Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables.

PASS critical lambda us-west-2 Find secrets in Lambda functions variables. Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 Find secrets in Lambda functions variables. awslambda_function_no_secrets_in_variables No secrets found in Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 variables

The use of a hard-coded password increases the possibility of password guessing. If hard-coded passwords are used; it is possible that malicious users gain access through the account in question.

Use Secrets Manager to securely provide database credentials to Lambda functions and secure the databases as well as use the credentials to connect and query them without hardcoding the secrets in code or passing them through environmental variables.

PASS critical lambda ap-south-1 heck if Lambda functions have resource-based policy set as Public. DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE Check if Lambda functions have resource-based policy set as Public. awslambda_function_not_publicly_accessible Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE has a policy resource-based policy not public

Publicly accessible services could expose sensitive data to bad actors.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS critical lambda us-west-2 heck if Lambda functions have resource-based policy set as Public. Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 Check if Lambda functions have resource-based policy set as Public. awslambda_function_not_publicly_accessible Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 has a policy resource-based policy not public

Publicly accessible services could expose sensitive data to bad actors.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS medium lambda ap-south-1 Find obsolete Lambda runtimes. DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE Find obsolete Lambda runtimes. awslambda_function_using_supported_runtimes Lambda function DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE is using nodejs12.x which is supported

If you have functions running on a runtime that will be deprecated in the next 60 days; Lambda notifies you by email that you should prepare by migrating your function to a supported runtime. In some cases; such as security issues that require a backwards-incompatible update; or software that does not support a long-term support (LTS) schedule; advance notice might not be possible. After a runtime is deprecated; Lambda might retire it completely at any time by disabling invocation. Deprecated runtimes are not eligible for security updates or technical support.

Test new runtimes as they are made available. Implement them in production as soon as possible.

PASS medium lambda us-west-2 Find obsolete Lambda runtimes. Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 Find obsolete Lambda runtimes. awslambda_function_using_supported_runtimes Lambda function Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 is using python3.7 which is supported

If you have functions running on a runtime that will be deprecated in the next 60 days; Lambda notifies you by email that you should prepare by migrating your function to a supported runtime. In some cases; such as security issues that require a backwards-incompatible update; or software that does not support a long-term support (LTS) schedule; advance notice might not be possible. After a runtime is deprecated; Lambda might retire it completely at any time by disabling invocation. Deprecated runtimes are not eligible for security updates or technical support.

Test new runtimes as they are made available. Implement them in production as soon as possible.

PASS critical cloudformation ap-south-1 Find secrets in CloudFormation outputs DeepSecuritySetup-e8cff1317 Find secrets in CloudFormation outputs cloudformation_outputs_find_secrets No secrets found in Stack DeepSecuritySetup-e8cff1317 Outputs.

Secrets hardcoded into CloudFormation outputs can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical cloudformation ap-south-1 Find secrets in CloudFormation outputs DeepSecuritySetup-357d0739a Find secrets in CloudFormation outputs cloudformation_outputs_find_secrets No secrets found in Stack DeepSecuritySetup-357d0739a Outputs.

Secrets hardcoded into CloudFormation outputs can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical cloudformation us-east-1 Find secrets in CloudFormation outputs DeepSecuritySetup-4e02218e7 Find secrets in CloudFormation outputs cloudformation_outputs_find_secrets CloudFormation DeepSecuritySetup-4e02218e7 has no Outputs.

Secrets hardcoded into CloudFormation outputs can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical cloudformation us-west-2 Find secrets in CloudFormation outputs Nops-Integration-8d76 Find secrets in CloudFormation outputs cloudformation_outputs_find_secrets No secrets found in Stack Nops-Integration-8d76 Outputs.

Secrets hardcoded into CloudFormation outputs can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

FAIL medium cloudformation ap-south-1 Enable termination protection for Cloudformation Stacks DeepSecuritySetup-e8cff1317 Enable termination protection for Cloudformation Stacks cloudformation_stacks_termination_protection_enabled CloudFormation DeepSecuritySetup-e8cff1317 has termination protection disabled

Without termination protection enabled; a critical cloudformation stack can be accidently deleted.

Ensure termination protection is enabled for the cloudformation stacks.

FAIL medium cloudformation ap-south-1 Enable termination protection for Cloudformation Stacks DeepSecuritySetup-357d0739a Enable termination protection for Cloudformation Stacks cloudformation_stacks_termination_protection_enabled CloudFormation DeepSecuritySetup-357d0739a has termination protection disabled

Without termination protection enabled; a critical cloudformation stack can be accidently deleted.

Ensure termination protection is enabled for the cloudformation stacks.

FAIL medium cloudformation us-east-1 Enable termination protection for Cloudformation Stacks DeepSecuritySetup-4e02218e7 Enable termination protection for Cloudformation Stacks cloudformation_stacks_termination_protection_enabled CloudFormation DeepSecuritySetup-4e02218e7 has termination protection disabled

Without termination protection enabled; a critical cloudformation stack can be accidently deleted.

Ensure termination protection is enabled for the cloudformation stacks.

FAIL medium cloudformation us-west-2 Enable termination protection for Cloudformation Stacks Nops-Integration-8d76 Enable termination protection for Cloudformation Stacks cloudformation_stacks_termination_protection_enabled CloudFormation Nops-Integration-8d76 has termination protection disabled

Without termination protection enabled; a critical cloudformation stack can be accidently deleted.

Ensure termination protection is enabled for the cloudformation stacks.

PASS low cloudtrail ap-northeast-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail ap-northeast-2 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail ap-northeast-3 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail ap-south-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail ap-southeast-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail ap-southeast-2 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail ca-central-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail eu-central-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail eu-north-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail eu-west-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail eu-west-2 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail eu-west-3 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail sa-east-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail us-east-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail us-east-2 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail us-west-1 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

PASS low cloudtrail us-west-2 Ensure CloudTrail trails are integrated with CloudWatch Logs AWS-TRAIL Ensure CloudTrail trails are integrated with CloudWatch Logs cloudtrail_cloudwatch_logging_enabled Multiregion trail AWS-TRAIL has been logging the last 24h

Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user; API; resource; and IP address; and provides opportunity to establish alarms and notifications for anomalous or sensitivity account activity.

Validate that the trails in CloudTrail has an arn set in the CloudWatchLogsLogGroupArn property.

FAIL medium cloudtrail ap-northeast-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail ap-northeast-2 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail ap-northeast-3 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail ap-south-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail ap-southeast-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail ap-southeast-2 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail ca-central-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail eu-central-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail eu-north-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail eu-west-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail eu-west-2 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail eu-west-3 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail sa-east-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail us-east-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail us-east-2 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail us-west-1 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

FAIL medium cloudtrail us-west-2 Ensure CloudTrail logs are encrypted at rest using KMS CMKs AWS-TRAIL Ensure CloudTrail logs are encrypted at rest using KMS CMKs cloudtrail_kms_encryption_enabled Multiregion trail AWS-TRAIL has encryption disabled

By default; the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security layer that is directly manageable; you can instead use server-side encryption with AWS KMS–managed keys (SSE-KMS) for your CloudTrail log files.

This approach has the following advantages: You can create and manage the CMK encryption keys yourself. You can use a single CMK to encrypt and decrypt log files for multiple accounts across all regions. You have control over who can use your key for encrypting and decrypting CloudTrail log files. You can assign permissions for the key to the users. You have enhanced security.

PASS medium cloudtrail ap-northeast-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail ap-northeast-2 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail ap-northeast-3 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail ap-south-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail ap-southeast-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail ap-southeast-2 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail ca-central-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail eu-central-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail eu-north-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail eu-west-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail eu-west-2 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail eu-west-3 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail sa-east-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail us-east-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail us-east-2 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail us-west-1 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail us-west-2 Ensure CloudTrail log file validation is enabled AWS-TRAIL Ensure CloudTrail log file validation is enabled cloudtrail_log_file_validation_enabled Multiregion trail AWS-TRAIL log file validation enabled

Enabling log file validation will provide additional integrity checking of CloudTrail logs.

Ensure LogFileValidationEnabled is set to true for each trail.

PASS medium cloudtrail ap-northeast-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail ap-northeast-2 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail ap-northeast-3 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail ap-south-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail ap-southeast-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail ap-southeast-2 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail ca-central-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail eu-central-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail eu-north-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail eu-west-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail eu-west-2 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail eu-west-3 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail sa-east-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail us-east-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail us-east-2 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail us-west-1 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS medium cloudtrail us-west-2 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket AWS-TRAIL Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket cloudtrail_logs_s3_bucket_access_logging_enabled Multiregion trail AWS-TRAIL S3 bucket access logging is enabled for bucket fugologs

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case; this finding can be considered a false positive.

PASS critical cloudtrail ap-northeast-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail ap-northeast-2 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail ap-northeast-3 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail ap-south-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail ap-southeast-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail ap-southeast-2 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail ca-central-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail eu-central-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail eu-north-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail eu-west-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail eu-west-2 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail eu-west-3 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail sa-east-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail us-east-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail us-east-2 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail us-west-1 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS critical cloudtrail us-west-2 Ensure the S3 bucket CloudTrail logs is not publicly accessible AWS-TRAIL Ensure the S3 bucket CloudTrail logs to is not publicly accessible cloudtrail_logs_s3_bucket_is_not_publicly_accessible S3 Bucket fugologs from multiregion trail AWS-TRAIL is not publicly accessible

Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected accounts use or configuration.

Analyze Bucket policy to validate appropriate permissions. Ensure the AllUsers principal is not granted privileges. Ensure the AuthenticatedUsers principal is not granted privileges.

PASS high cloudtrail ap-northeast-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail ap-northeast-2 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail ap-northeast-3 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail ap-south-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail ap-southeast-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail ap-southeast-2 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail ca-central-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail eu-central-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail eu-north-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail eu-west-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail eu-west-2 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail eu-west-3 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail sa-east-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail us-east-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail us-east-2 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail us-west-1 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

PASS high cloudtrail us-west-2 Ensure CloudTrail is enabled in all regions AWS-TRAIL Ensure CloudTrail is enabled in all regions cloudtrail_multi_region_enabled Trail AWS-TRAIL is multiregion and it is logging

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller; the time of the API call; the source IP address of the API caller; the request parameters; and the response elements returned by the AWS service.

Ensure Logging is set to ON on all regions (even if they are not being used at the moment.

FAIL low cloudtrail ap-south-1 Check if S3 buckets have Object-level logging for read events is enabled in CloudTrail. No trails Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account. cloudtrail_s3_dataevents_read_enabled No CloudTrail trails have a data event to record all S3 object-level API operations.

If logs are not enabled, monitoring of service use and threat analysis is not possible.

Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.

FAIL low cloudtrail ap-south-1 Check if S3 buckets have Object-level logging for write events is enabled in CloudTrail. No trails Ensure that all your AWS CloudTrail trails are configured to log Data events in order to record S3 object-level API operations, such as GetObject, DeleteObject and PutObject, for individual S3 buckets or for all current and future S3 buckets provisioned in your AWS account. cloudtrail_s3_dataevents_write_enabled No CloudTrail trails have a data event to record all S3 object-level API operations.

If logs are not enabled, monitoring of service use and threat analysis is not possible.

Enable logs. Create an S3 lifecycle policy. Define use cases, metrics and automated responses where applicable.

PASS medium cloudwatch ap-south-1 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL). aws-cloudtrail-logs-207592916039-a7ba1fd6 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL). cloudwatch_changes_to_network_acls_alarm_configured CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-NACL-ALERTS and alarms set.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

PASS medium cloudwatch ap-south-1 Ensure a log metric filter and alarm exist for changes to network gateways. aws-cloudtrail-logs-207592916039-a7ba1fd6 Ensure a log metric filter and alarm exist for changes to network gateways. cloudwatch_changes_to_network_gateways_alarm_configured CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter Network_Gtaeway_alerts and alarms set.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

FAIL medium cloudwatch us-east-1 Ensure a log metric filter and alarm exist for route table changes. 207592916039 Ensure a log metric filter and alarm exist for route table changes. cloudwatch_changes_to_network_route_tables_alarm_configured No CloudWatch log groups found with metric filters or alarms associated.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

PASS medium cloudwatch ap-south-1 Ensure a log metric filter and alarm exist for VPC changes. aws-cloudtrail-logs-207592916039-a7ba1fd6 Ensure a log metric filter and alarm exist for VPC changes. cloudwatch_changes_to_vpcs_alarm_configured CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-VPC-CHANGE-ALERTS and alarms set.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

PASS medium cloudwatch ap-south-1 Check if CloudWatch has allowed cross-account sharing. CloudWatch-CrossAccountSharingRole Check if CloudWatch has allowed cross-account sharing. cloudwatch_cross_account_sharing_disabled CloudWatch doesn't allows cross-account sharing

Cross-Account access to CloudWatch could increase the risk of compromising information between accounts.

Grant usage permission on a per-resource basis to enforce least privilege and Zero Trust principles.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. /aws/lambda/DeepSecuritySetup-357d0739a-CreateDSMRoleLambda-AYU11WBM5A65 Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/lambda/DeepSecuritySetup-357d0739a-CreateDSMRoleLambda-AYU11WBM5A65 does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. /aws/lambda/DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/lambda/DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. /aws/rds/cluster/fugo-prod-db/error Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/rds/cluster/fugo-prod-db/error does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. /aws/rds/cluster/fugo-production-db/error Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/rds/cluster/fugo-production-db/error does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. /aws/rds/instance/demo-audit-rds/error Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/rds/instance/demo-audit-rds/error does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. /aws/rds/instance/fugo-prod-db/error Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/rds/instance/fugo-prod-db/error does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. /aws/rds/instance/fugo-prod-rds/error Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/rds/instance/fugo-prod-rds/error does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. /aws/rds/instance/fugo-read-db/error Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/rds/instance/fugo-read-db/error does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. FUGO-PRODUCTION-FUGOONE-FLOWLOGS Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group FUGO-PRODUCTION-FUGOONE-FLOWLOGS does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. RDSOSMetrics Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group RDSOSMetrics does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch log groups are protected by AWS KMS. aws-cloudtrail-logs-207592916039-a7ba1fd6 Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group aws-cloudtrail-logs-207592916039-a7ba1fd6 does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch us-west-2 Check if CloudWatch log groups are protected by AWS KMS. /aws/lambda/Nops-Integration-4d3b-NopsLambdaLookupStack-LoeCWpU6AOSR Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/lambda/Nops-Integration-4d3b-NopsLambdaLookupStack-LoeCWpU6AOSR does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch us-west-2 Check if CloudWatch log groups are protected by AWS KMS. /aws/lambda/Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 Check if CloudWatch log groups are protected by AWS KMS. cloudwatch_log_group_kms_encryption_enabled Log Group /aws/lambda/Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 does not have AWS KMS keys associated.

Using customer managed KMS to encrypt CloudWatch log group provide additional confidentiality and control over the log data.

Associate KMS Key with Cloudwatch log group.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/lambda/DeepSecuritySetup-357d0739a-CreateDSMRoleLambda-AYU11WBM5A65 Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/lambda/DeepSecuritySetup-357d0739a-CreateDSMRoleLambda-AYU11WBM5A65 has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/lambda/DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/lambda/DeepSecuritySetup-e8cff1317-CreateDSMRoleLambda-zaF3qePwDijE has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/rds/cluster/fugo-prod-db/error Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/rds/cluster/fugo-prod-db/error has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/rds/cluster/fugo-production-db/error Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/rds/cluster/fugo-production-db/error has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/rds/instance/demo-audit-rds/error Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/rds/instance/demo-audit-rds/error has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/rds/instance/fugo-prod-db/error Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/rds/instance/fugo-prod-db/error has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/rds/instance/fugo-prod-rds/error Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/rds/instance/fugo-prod-rds/error has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/rds/instance/fugo-read-db/error Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/rds/instance/fugo-read-db/error has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. FUGO-PRODUCTION-FUGOONE-FLOWLOGS Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group FUGO-PRODUCTION-FUGOONE-FLOWLOGS has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. RDSOSMetrics Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group RDSOSMetrics has less than 365 days retention period (30 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch ap-south-1 Check if CloudWatch Log Groups have a retention policy of specific days. aws-cloudtrail-logs-207592916039-a7ba1fd6 Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group aws-cloudtrail-logs-207592916039-a7ba1fd6 has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch us-west-2 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/lambda/Nops-Integration-4d3b-NopsLambdaLookupStack-LoeCWpU6AOSR Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/lambda/Nops-Integration-4d3b-NopsLambdaLookupStack-LoeCWpU6AOSR has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch us-west-2 Check if CloudWatch Log Groups have a retention policy of specific days. /aws/lambda/Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 Check if CloudWatch Log Groups have a retention policy of specific days. cloudwatch_log_group_retention_policy_specific_days_enabled Log Group /aws/lambda/Nops-Integration-8d76-NopsLambdaLookupStack-pyjWgFmKAUu2 has less than 365 days retention period (0 days).

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

FAIL medium cloudwatch us-east-1 Ensure a log metric filter and alarm exist for AWS Config configuration changes. 207592916039 Ensure a log metric filter and alarm exist for AWS Config configuration changes. cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled No CloudWatch log groups found with metric filters or alarms associated.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

PASS medium cloudwatch ap-south-1 Ensure a log metric filter and alarm exist for CloudTrail configuration changes. aws-cloudtrail-logs-207592916039-a7ba1fd6 Ensure a log metric filter and alarm exist for CloudTrail configuration changes. cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT and alarms set.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

FAIL medium cloudwatch us-east-1 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures. 207592916039 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures. cloudwatch_log_metric_filter_authentication_failures No CloudWatch log groups found with metric filters or alarms associated.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

FAIL medium cloudwatch us-east-1 Ensure a log metric filter and alarm exist for AWS Organizations changes. 207592916039 Ensure a log metric filter and alarm exist for AWS Organizations changes. cloudwatch_log_metric_filter_aws_organizations_changes No CloudWatch log groups found with metric filters or alarms associated.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

PASS medium cloudwatch ap-south-1 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs. aws-cloudtrail-logs-207592916039-a7ba1fd6 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created KMS CMKs. cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-CMK-ALERTS and alarms set.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

PASS medium cloudwatch ap-south-1 Ensure a log metric filter and alarm exist for S3 bucket policy changes. aws-cloudtrail-logs-207592916039-a7ba1fd6 Ensure a log metric filter and alarm exist for S3 bucket policy changes. cloudwatch_log_metric_filter_for_s3_bucket_policy_changes CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-S3-POLICY-CHANGE-ALERTS and alarms set.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

FAIL medium cloudwatch ap-south-1 Ensure a log metric filter and alarm exist for IAM policy changes. aws-cloudtrail-logs-207592916039-a7ba1fd6 Ensure a log metric filter and alarm exist for IAM policy changes. cloudwatch_log_metric_filter_policy_changes CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-IAM-POLICY-CHANGE-ALERTS but no alarms associated.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

FAIL medium cloudwatch us-east-1 Ensure a log metric filter and alarm exist for usage of root account. 207592916039 Ensure a log metric filter and alarm exist for usage of root account. cloudwatch_log_metric_filter_root_usage No CloudWatch log groups found with metric filters or alarms associated.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

PASS medium cloudwatch ap-south-1 Ensure a log metric filter and alarm exist for security group changes. aws-cloudtrail-logs-207592916039-a7ba1fd6 Ensure a log metric filter and alarm exist for security group changes. cloudwatch_log_metric_filter_security_group_changes CloudWatch log group aws-cloudtrail-logs-207592916039-a7ba1fd6 found with metric filter FUGO-SECURITY-GROUP-CHANGE-ALERTS and alarms set.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

FAIL medium cloudwatch us-east-1 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA. 207592916039 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA. cloudwatch_log_metric_filter_sign_in_without_mfa No CloudWatch log groups found with metric filters or alarms associated.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

FAIL medium cloudwatch us-east-1 Ensure a log metric filter and alarm exist for unauthorized API calls. 207592916039 Ensure a log metric filter and alarm exist for unauthorized API calls. cloudwatch_log_metric_filter_unauthorized_api_calls No CloudWatch log groups found with metric filters or alarms associated.

Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.

It is recommended that a metric filter and alarm be established for unauthorized requests.

FAIL medium config ap-northeast-1 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config ap-northeast-2 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config ap-northeast-3 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

PASS medium config ap-south-1 Ensure AWS Config is enabled in all regions. default Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder default is enabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config ap-southeast-1 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config ap-southeast-2 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config ca-central-1 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config eu-central-1 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config eu-north-1 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config eu-west-1 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config eu-west-2 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config eu-west-3 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config sa-east-1 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config us-east-1 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config us-east-2 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config us-west-1 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium config us-west-2 Ensure AWS Config is enabled in all regions. 207592916039 Ensure AWS Config is enabled in all regions. config_recorder_all_regions_enabled AWS Config recorder 207592916039 is disabled.

The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking and compliance auditing.

It is recommended to enable AWS Config be enabled in all regions.

FAIL medium directoryservice us-east-1 Directory Service monitoring with CloudWatch logs. d-906769962c Directory Service monitoring with CloudWatch logs. directoryservice_directory_log_forwarding_enabled Directory Service d-906769962c have log forwarding to CloudWatch disabled

As a best practice, monitor your organization to ensure that changes are logged. This helps you to ensure that any unexpected change can be investigated and unwanted changes can be rolled back.

It is recommended that that the export of logs is enabled.

FAIL medium directoryservice us-east-1 Directory Service has SNS Notifications enabled. d-906769962c Directory Service has SNS Notifications enabled. directoryservice_directory_monitor_notifications Directory Service d-906769962c have SNS messaging disabled

As a best practice, monitor status of Directory Service. This helps to avoid late actions to fix Directory Service issues.

It is recommended set up SNS messaging to send email or text messages when the status of your directory changes.

FAIL medium directoryservice us-east-1 Ensure Radius server in DS is using the recommended security protocol. d-906769962c Ensure Radius server in DS is using the recommended security protocol. directoryservice_radius_server_security_protocol Radius server of Directory d-906769962c does not have recommended security protocol for the Radius server

As a best practice, you might need to configure the authentication protocol between the Microsoft AD DCs and the RADIUS/MFA server. Supported protocols are PAP, CHAP MS-CHAPv1, and MS-CHAPv2. MS-CHAPv2 is recommended because it provides the strongest security of the three options.

MS-CHAPv2 provides the strongest security of the options supported, and is therefore recommended.

FAIL medium directoryservice us-east-1 Ensure Multi-Factor Authentication (MFA) using Radius Server is enabled in DS. d-906769962c Ensure Multi-Factor Authentication (MFA) using Radius Server is enabled in DS. directoryservice_supported_mfa_radius_enabled Directory d-906769962c does not have Radius MFA enabled

Multi-Factor Authentication (MFA) adds an extra layer of authentication assurance beyond traditional username and password.

Enabling MFA provides increased security to a user name and password as it requires the user to possess a solution that displays a time-sensitive authentication code.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0018e8a7d6d0add0a Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0018e8a7d6d0add0a is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0fc316f8f9c3f73c4 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0fc316f8f9c3f73c4 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-00ceb4d826e25a122 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-00ceb4d826e25a122 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0cda34df73e692d38 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0cda34df73e692d38 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0a66a825f942ae0e1 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0a66a825f942ae0e1 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0a0c700bebf52eb74 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0a0c700bebf52eb74 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-06bf3a06afb530ff7 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-06bf3a06afb530ff7 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0c86838c18cbc806c Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0c86838c18cbc806c is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-05c276b2ff6f60388 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-05c276b2ff6f60388 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-08740d7b1041254f6 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-08740d7b1041254f6 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0751e8cb55a23ff36 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0751e8cb55a23ff36 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0826789bbe598538b Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0826789bbe598538b is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-050e59d283a2b1044 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-050e59d283a2b1044 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0fd4ff9d094c9db23 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0fd4ff9d094c9db23 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-029308968e9547aa0 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-029308968e9547aa0 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-07948383144da3eaa Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-07948383144da3eaa is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0b47d36cae0c7daa9 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0b47d36cae0c7daa9 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-01b6c6cb2a7800069 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-01b6c6cb2a7800069 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0ad53fe996d650ab4 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0ad53fe996d650ab4 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-070a9304e9292bae7 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-070a9304e9292bae7 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0efca13240db60e12 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0efca13240db60e12 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-012bb10fe87bffe7a Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-012bb10fe87bffe7a is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0460a08bb9fe0bc91 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0460a08bb9fe0bc91 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-05c7beb5fe304a583 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-05c7beb5fe304a583 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-09820cdd8c657842d Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-09820cdd8c657842d is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-00ddb88cc64cfb082 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-00ddb88cc64cfb082 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-027709daf5adb4af4 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-027709daf5adb4af4 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0afb5c8c424146df3 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0afb5c8c424146df3 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0a2efe96d8b23fc02 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0a2efe96d8b23fc02 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-01ad1617276963099 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-01ad1617276963099 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-04cb2a96cf377cb0b Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-04cb2a96cf377cb0b is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-01c019aaa08c7d046 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-01c019aaa08c7d046 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-05bb411cae567311c Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-05bb411cae567311c is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0a9b50b3609981939 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0a9b50b3609981939 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0a9581443a029a739 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0a9581443a029a739 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0219684a574a3e32f Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0219684a574a3e32f is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0b48c67944442bf20 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0b48c67944442bf20 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-01cef41387a0186b4 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-01cef41387a0186b4 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-054e0cf7b2ffa0a10 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-054e0cf7b2ffa0a10 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0031d2af71414d729 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0031d2af71414d729 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-04437d483ec0121d9 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-04437d483ec0121d9 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0f76a8612bec6fb48 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0f76a8612bec6fb48 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0a8e0f439b4ef98dc Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0a8e0f439b4ef98dc is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-04099a845119f6f05 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-04099a845119f6f05 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0988be26776daa189 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0988be26776daa189 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0cf2ce5419463b285 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0cf2ce5419463b285 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0e1113cfaa41d218e Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0e1113cfaa41d218e is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0a04d864045e18474 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0a04d864045e18474 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-005841508dcaf8d4b Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-005841508dcaf8d4b is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0d30d290029b082d8 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0d30d290029b082d8 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-08bde8ff706c1a8c9 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-08bde8ff706c1a8c9 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0dab1c941c0328e69 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0dab1c941c0328e69 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-09ed7b4a0477c8761 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-09ed7b4a0477c8761 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0abdf11a2a468ff95 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0abdf11a2a468ff95 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-066c0a0139fae7ff2 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-066c0a0139fae7ff2 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-03b37f1bc68490071 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-03b37f1bc68490071 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-065f98f42b09e9984 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-065f98f42b09e9984 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-08cfdefb3c85ca1c0 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-08cfdefb3c85ca1c0 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0020d46b36a625125 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0020d46b36a625125 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-007747239863a8b65 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-007747239863a8b65 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0445ada17ff884503 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0445ada17ff884503 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0efd44d4bab063399 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0efd44d4bab063399 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0e068b4e14f5473f7 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0e068b4e14f5473f7 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-051da5dac65fb5532 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-051da5dac65fb5532 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0ccda562dc7df3a3f Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0ccda562dc7df3a3f is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0ce6e89b24147b65e Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0ce6e89b24147b65e is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0ef80bb5d5df0ccc2 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0ef80bb5d5df0ccc2 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0818d3e8b4d00d09c Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0818d3e8b4d00d09c is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0adf17abf392fd387 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0adf17abf392fd387 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-07d1d04a2290ff89b Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-07d1d04a2290ff89b is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0a36cfa10f87a4b4c Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0a36cfa10f87a4b4c is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0e24864de1be1f41f Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0e24864de1be1f41f is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-06ba72bb83ca08ea2 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-06ba72bb83ca08ea2 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0efd76db631edca20 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0efd76db631edca20 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-01296df14e894bc42 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-01296df14e894bc42 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-04b7351c1ba1d4082 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-04b7351c1ba1d4082 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0cf2feb2042aceebc Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0cf2feb2042aceebc is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-08cd8ce56ffefa07f Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-08cd8ce56ffefa07f is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-04e8f1b7ee0073703 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-04e8f1b7ee0073703 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0c64fba33a3801d0d Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0c64fba33a3801d0d is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 ap-south-1 Ensure there are no EC2 AMIs set as Public. ami-0e5fe52df21de43d8 Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-0e5fe52df21de43d8 is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

PASS critical ec2 us-east-1 Ensure there are no EC2 AMIs set as Public. ami-08cfc83918b0b8c8b Ensure there are no EC2 AMIs set as Public. ec2_ami_public EC2 AMI ami-08cfc83918b0b8c8b is not public.

A shared AMI is an AMI that a developer created and made available for other developers to use. If AMIs have embebed information about the environment could pose a security risk. You use a shared AMI at your own risk. Amazon can not vouch for the integrity or security of AMIs shared by Amazon EC2 users.

List all shared AMIs and make sure there is a business reason for them.

FAIL medium ec2 ap-northeast-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 ap-northeast-2 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 ap-northeast-3 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 ap-south-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 ap-southeast-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 ap-southeast-2 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 ca-central-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 eu-central-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 eu-north-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 eu-west-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 eu-west-2 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 eu-west-3 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 sa-east-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 us-east-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 us-east-2 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 us-west-1 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium ec2 us-west-2 Check if EBS Default Encryption is activated. EBS Default Encryption Check if EBS Default Encryption is activated. ec2_ebs_default_encryption EBS Default Encryption is not activated.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0622a94880169fc9e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0622a94880169fc9e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-01b8eaf0aa9d9345b Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-01b8eaf0aa9d9345b is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-08ca73f3d6545e91f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-08ca73f3d6545e91f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-07dfedc81c4ff5f17 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-07dfedc81c4ff5f17 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-010aa81e6b8a4f00d Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-010aa81e6b8a4f00d is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0611020500372ee84 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0611020500372ee84 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-040ffbe570255ec5e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-040ffbe570255ec5e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-07c18714f319b32ec Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-07c18714f319b32ec is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-071130c03aa1e53bd Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-071130c03aa1e53bd is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0dd25bf7d3bb48359 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0dd25bf7d3bb48359 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0e3461b48d1171bae Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0e3461b48d1171bae is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03d8a2a190bcb4ded Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03d8a2a190bcb4ded is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-06f3c751d14057493 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-06f3c751d14057493 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-09b5d3c2b58d89c57 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-09b5d3c2b58d89c57 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-00818edf50810e3cc Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-00818edf50810e3cc is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0485a4c6202da3d14 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0485a4c6202da3d14 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0dc7500c9aeb31138 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0dc7500c9aeb31138 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0c4da1e86edb292fd Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0c4da1e86edb292fd is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-030374eda7f5fbd92 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-030374eda7f5fbd92 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03a356b50ab38a27a Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03a356b50ab38a27a is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0585cd0b29394fb44 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0585cd0b29394fb44 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-022ef983b842ec47e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-022ef983b842ec47e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-050f0858c4955d25b Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-050f0858c4955d25b is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0d7e89fa78aa3612e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0d7e89fa78aa3612e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0a72a43bc78466367 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0a72a43bc78466367 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0e9916950153853d1 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0e9916950153853d1 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-06bb5d55846614896 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-06bb5d55846614896 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-04d8960517f9e72ea Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-04d8960517f9e72ea is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0fb2d997acfe3fc54 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0fb2d997acfe3fc54 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-068dd4d3abebd3d80 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-068dd4d3abebd3d80 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-02c091df747da3d3b Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-02c091df747da3d3b is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0f4eb30beb2aaf75f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0f4eb30beb2aaf75f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-01d09e8faa50b4297 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-01d09e8faa50b4297 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0056bdc72f8d40bce Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0056bdc72f8d40bce is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-087680dc7ab7fc24e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-087680dc7ab7fc24e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-08ac9e94c358faccf Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-08ac9e94c358faccf is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0b4903583a1ce3637 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0b4903583a1ce3637 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0c9efd466d366a833 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0c9efd466d366a833 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0c520cdbdca369b8e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0c520cdbdca369b8e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03ad9fdc0adffa61b Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03ad9fdc0adffa61b is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0641c8bc9d117561c Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0641c8bc9d117561c is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-06d6e49d46f3066e4 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-06d6e49d46f3066e4 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-04812aeee336b92b0 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-04812aeee336b92b0 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0de31f78f96b0af17 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0de31f78f96b0af17 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0c0461c686ead0455 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0c0461c686ead0455 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-08f86546782297252 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-08f86546782297252 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-087eb0d701ada6234 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-087eb0d701ada6234 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-020b67be510a6c568 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-020b67be510a6c568 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-022914d17fa7701db Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-022914d17fa7701db is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-01e8a63792135377d Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-01e8a63792135377d is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-02532171666ff9ebb Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-02532171666ff9ebb is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-01795651adda5c63d Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-01795651adda5c63d is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03e823f09a123c36c Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03e823f09a123c36c is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03fb57967d341d0bf Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03fb57967d341d0bf is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-025b1d9caac7b9291 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-025b1d9caac7b9291 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0997b8d6c5a5bd777 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0997b8d6c5a5bd777 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-00e0b75b99e80f197 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-00e0b75b99e80f197 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-061318ae6f331f1a4 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-061318ae6f331f1a4 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0c56a773ab25bd851 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0c56a773ab25bd851 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-06aea6e12bdef41ea Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-06aea6e12bdef41ea is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-01fe0248adf2a2aa3 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-01fe0248adf2a2aa3 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-088c599dd22e735c7 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-088c599dd22e735c7 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0dd7b19213587d0a4 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0dd7b19213587d0a4 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0b9e2f9a206b90084 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0b9e2f9a206b90084 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-05da468af1a62409d Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-05da468af1a62409d is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-02442f9cad1b79dbf Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-02442f9cad1b79dbf is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0adef1d95d6767932 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0adef1d95d6767932 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-031844881dde7bab3 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-031844881dde7bab3 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-07fd247dfb21a2803 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-07fd247dfb21a2803 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-09ee32bc093251b15 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-09ee32bc093251b15 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0498d33d02edff906 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0498d33d02edff906 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0f582721e2a2bdb3b Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0f582721e2a2bdb3b is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-091c2b5d57180305a Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-091c2b5d57180305a is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0f46bba85ad576cf9 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0f46bba85ad576cf9 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0f12a3b8b22d64159 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0f12a3b8b22d64159 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0341d4313745e93a8 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0341d4313745e93a8 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-05ec194ae65d9484e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-05ec194ae65d9484e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-030ab2fb0a9687603 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-030ab2fb0a9687603 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-00792be50739611a5 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-00792be50739611a5 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-017eaa0eb6c0a5a82 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-017eaa0eb6c0a5a82 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0b1374f7dc115ec15 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0b1374f7dc115ec15 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-012f395e484d6587f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-012f395e484d6587f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-08aa4d247c7ccffdc Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-08aa4d247c7ccffdc is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0917b02c94671bf4f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0917b02c94671bf4f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-018c5c22dcca87029 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-018c5c22dcca87029 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0ba20af0f6e13842d Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0ba20af0f6e13842d is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0a22f3a76bd625266 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0a22f3a76bd625266 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0d0c97b1e7e19356f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0d0c97b1e7e19356f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03b5e483281934366 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03b5e483281934366 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-01bb12816bb3c76af Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-01bb12816bb3c76af is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-09a200d0baae1e5d9 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-09a200d0baae1e5d9 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0539c8e289b04484f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0539c8e289b04484f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0afda8778a0b2e26b Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0afda8778a0b2e26b is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0809f76b3124e8481 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0809f76b3124e8481 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-07d5aaac92bcdbeac Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-07d5aaac92bcdbeac is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-01cadbf9ddc053792 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-01cadbf9ddc053792 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0a72d597d62e2cd01 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0a72d597d62e2cd01 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-026774bb792a197e7 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-026774bb792a197e7 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0bb6f8f32b2cb4fca Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0bb6f8f32b2cb4fca is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-04df7e251ae6e0cfe Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-04df7e251ae6e0cfe is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-02179a4d126c52aa1 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-02179a4d126c52aa1 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0cc079c73861a4aff Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0cc079c73861a4aff is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0790c7a1b159fdd5a Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0790c7a1b159fdd5a is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-030cd1b57bca13602 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-030cd1b57bca13602 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0e29b99ea2e640b81 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0e29b99ea2e640b81 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0e82db2ffa7743f70 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0e82db2ffa7743f70 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-07879f9ffc76c1a4e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-07879f9ffc76c1a4e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-099852369db9e4754 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-099852369db9e4754 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-030ce343c73844bcf Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-030ce343c73844bcf is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0b428785f8c8a3a4c Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0b428785f8c8a3a4c is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-052a9462ffa13ed6c Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-052a9462ffa13ed6c is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-05f5f455f9944443c Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-05f5f455f9944443c is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-019d54e88aface825 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-019d54e88aface825 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0da13f419fb5d9bee Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0da13f419fb5d9bee is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-02a9b47c8ab4cecd0 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-02a9b47c8ab4cecd0 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0243907c6d8396bb8 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0243907c6d8396bb8 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-08e03dcd383a3aa44 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-08e03dcd383a3aa44 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0933a17ca736f6b77 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0933a17ca736f6b77 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-08a0d1a396c4aa2be Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-08a0d1a396c4aa2be is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-049027679ceef886d Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-049027679ceef886d is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-003f763931b0c1e8f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-003f763931b0c1e8f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0aeeb74fcdb88ebd9 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0aeeb74fcdb88ebd9 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03bac3be178a17311 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03bac3be178a17311 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0b540192b41c105eb Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0b540192b41c105eb is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0530fea6befb7f72b Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0530fea6befb7f72b is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0b688f2736bf5bad4 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0b688f2736bf5bad4 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-00d707adc8480b047 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-00d707adc8480b047 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0882adc631671a2b8 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0882adc631671a2b8 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0f607309686a7d25f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0f607309686a7d25f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0317b4229e95fdfd8 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0317b4229e95fdfd8 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0b0b155d289a0bac5 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0b0b155d289a0bac5 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03a009e9beb0da3f7 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03a009e9beb0da3f7 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-04a18089c90e1260e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-04a18089c90e1260e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0cc58bc4dc97b399b Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0cc58bc4dc97b399b is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0e02a396c750c736b Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0e02a396c750c736b is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0d2c7ad629ee47dfe Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0d2c7ad629ee47dfe is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-055f56fdedf0b6a7f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-055f56fdedf0b6a7f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0a198bef20f78d466 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0a198bef20f78d466 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0a4e9dcee59c3e935 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0a4e9dcee59c3e935 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-003cbcab27a2b8cc5 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-003cbcab27a2b8cc5 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0b953ec8b25bb79b8 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0b953ec8b25bb79b8 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0e7efcd133510ac82 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0e7efcd133510ac82 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0d48e7f1ecb2af58f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0d48e7f1ecb2af58f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-049710eb990d06c66 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-049710eb990d06c66 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-015a805bbdab25397 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-015a805bbdab25397 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0ccecbf3352a85d92 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0ccecbf3352a85d92 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0c1d90fc770c08f3e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0c1d90fc770c08f3e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-001499538bfa02c79 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-001499538bfa02c79 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0d61a3d02fe050a79 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0d61a3d02fe050a79 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-00564895a4b383633 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-00564895a4b383633 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0b7a64d674eb5cf25 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0b7a64d674eb5cf25 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-004af16197f9b2d15 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-004af16197f9b2d15 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0ad073989c9e51746 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0ad073989c9e51746 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-086b0b2cb77911fbe Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-086b0b2cb77911fbe is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0d309e43242d16c39 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0d309e43242d16c39 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0054279d78fa43f21 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0054279d78fa43f21 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-08509fb97f6368608 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-08509fb97f6368608 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0af74db7b91ad0fef Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0af74db7b91ad0fef is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0cb054b96ef1201b6 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0cb054b96ef1201b6 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-05a1ab37a7c734e7e Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-05a1ab37a7c734e7e is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-06981ad9be754bda5 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-06981ad9be754bda5 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-01799a1036509fce7 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-01799a1036509fce7 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-037e436a6609b27ef Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-037e436a6609b27ef is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0946da4a34969a91c Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0946da4a34969a91c is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0228aa32190cbf607 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0228aa32190cbf607 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0591754941a65dbf2 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0591754941a65dbf2 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0a0b477588407543f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0a0b477588407543f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0a0babf6f9261e644 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0a0babf6f9261e644 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0593aca86b1b615c6 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0593aca86b1b615c6 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-04c897c6bcd9fce84 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-04c897c6bcd9fce84 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-083f1d3cebf29b150 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-083f1d3cebf29b150 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0009dd882eaf0b4b2 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0009dd882eaf0b4b2 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0782856870ae5a65f Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0782856870ae5a65f is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0365d7ae246dcc20d Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0365d7ae246dcc20d is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-076197ad79c63334a Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-076197ad79c63334a is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0843e2d1f28ec1157 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0843e2d1f28ec1157 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03008860ecba17e98 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03008860ecba17e98 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-03c18165e84e612dd Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-03c18165e84e612dd is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-06bc8be4b0b3f49b0 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-06bc8be4b0b3f49b0 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0bd60c5cf3baf472a Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0bd60c5cf3baf472a is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0e98fda1728ea85c8 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0e98fda1728ea85c8 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0eb96d6970d0fd9af Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0eb96d6970d0fd9af is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-02d2235f771236c27 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-02d2235f771236c27 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-0654f22072d6a5788 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-0654f22072d6a5788 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-004c3c5024e66c34a Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-004c3c5024e66c34a is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 ap-south-1 Ensure there are no EBS Snapshots set as Public. snap-09ad6617f54885be5 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-09ad6617f54885be5 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

PASS critical ec2 us-east-1 Ensure there are no EBS Snapshots set as Public. snap-022b448678f2eeb65 Ensure there are no EBS Snapshots set as Public. ec2_ebs_public_snapshot EBS Snapshot snap-022b448678f2eeb65 is not Public.

When you share a snapshot, you are giving others access to all of the data on the snapshot. Share snapshots only with people with whom you want to share all of your snapshot data.

Ensure the snapshot should be shared.

FAIL medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0622a94880169fc9e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0622a94880169fc9e is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-01b8eaf0aa9d9345b Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-01b8eaf0aa9d9345b is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-08ca73f3d6545e91f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-08ca73f3d6545e91f is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-07dfedc81c4ff5f17 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-07dfedc81c4ff5f17 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-010aa81e6b8a4f00d Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-010aa81e6b8a4f00d is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0611020500372ee84 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0611020500372ee84 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-040ffbe570255ec5e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-040ffbe570255ec5e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-07c18714f319b32ec Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-07c18714f319b32ec is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-071130c03aa1e53bd Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-071130c03aa1e53bd is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0dd25bf7d3bb48359 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0dd25bf7d3bb48359 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0e3461b48d1171bae Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0e3461b48d1171bae is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03d8a2a190bcb4ded Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03d8a2a190bcb4ded is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-06f3c751d14057493 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-06f3c751d14057493 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-09b5d3c2b58d89c57 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-09b5d3c2b58d89c57 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-00818edf50810e3cc Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-00818edf50810e3cc is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0485a4c6202da3d14 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0485a4c6202da3d14 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0dc7500c9aeb31138 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0dc7500c9aeb31138 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0c4da1e86edb292fd Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0c4da1e86edb292fd is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-030374eda7f5fbd92 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-030374eda7f5fbd92 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03a356b50ab38a27a Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03a356b50ab38a27a is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0585cd0b29394fb44 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0585cd0b29394fb44 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-022ef983b842ec47e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-022ef983b842ec47e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-050f0858c4955d25b Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-050f0858c4955d25b is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0d7e89fa78aa3612e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0d7e89fa78aa3612e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0a72a43bc78466367 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0a72a43bc78466367 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0e9916950153853d1 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0e9916950153853d1 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-06bb5d55846614896 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-06bb5d55846614896 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-04d8960517f9e72ea Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-04d8960517f9e72ea is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0fb2d997acfe3fc54 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0fb2d997acfe3fc54 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-068dd4d3abebd3d80 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-068dd4d3abebd3d80 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-02c091df747da3d3b Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-02c091df747da3d3b is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0f4eb30beb2aaf75f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0f4eb30beb2aaf75f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-01d09e8faa50b4297 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-01d09e8faa50b4297 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0056bdc72f8d40bce Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0056bdc72f8d40bce is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-087680dc7ab7fc24e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-087680dc7ab7fc24e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-08ac9e94c358faccf Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-08ac9e94c358faccf is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0b4903583a1ce3637 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0b4903583a1ce3637 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0c9efd466d366a833 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0c9efd466d366a833 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0c520cdbdca369b8e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0c520cdbdca369b8e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03ad9fdc0adffa61b Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03ad9fdc0adffa61b is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0641c8bc9d117561c Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0641c8bc9d117561c is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-06d6e49d46f3066e4 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-06d6e49d46f3066e4 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-04812aeee336b92b0 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-04812aeee336b92b0 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0de31f78f96b0af17 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0de31f78f96b0af17 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0c0461c686ead0455 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0c0461c686ead0455 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-08f86546782297252 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-08f86546782297252 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-087eb0d701ada6234 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-087eb0d701ada6234 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-020b67be510a6c568 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-020b67be510a6c568 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-022914d17fa7701db Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-022914d17fa7701db is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-01e8a63792135377d Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-01e8a63792135377d is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-02532171666ff9ebb Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-02532171666ff9ebb is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-01795651adda5c63d Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-01795651adda5c63d is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03e823f09a123c36c Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03e823f09a123c36c is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03fb57967d341d0bf Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03fb57967d341d0bf is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-025b1d9caac7b9291 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-025b1d9caac7b9291 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0997b8d6c5a5bd777 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0997b8d6c5a5bd777 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-00e0b75b99e80f197 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-00e0b75b99e80f197 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-061318ae6f331f1a4 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-061318ae6f331f1a4 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0c56a773ab25bd851 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0c56a773ab25bd851 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-06aea6e12bdef41ea Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-06aea6e12bdef41ea is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-01fe0248adf2a2aa3 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-01fe0248adf2a2aa3 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-088c599dd22e735c7 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-088c599dd22e735c7 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0dd7b19213587d0a4 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0dd7b19213587d0a4 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0b9e2f9a206b90084 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0b9e2f9a206b90084 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-05da468af1a62409d Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-05da468af1a62409d is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-02442f9cad1b79dbf Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-02442f9cad1b79dbf is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0adef1d95d6767932 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0adef1d95d6767932 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-031844881dde7bab3 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-031844881dde7bab3 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-07fd247dfb21a2803 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-07fd247dfb21a2803 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-09ee32bc093251b15 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-09ee32bc093251b15 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0498d33d02edff906 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0498d33d02edff906 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0f582721e2a2bdb3b Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0f582721e2a2bdb3b is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-091c2b5d57180305a Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-091c2b5d57180305a is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0f46bba85ad576cf9 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0f46bba85ad576cf9 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0f12a3b8b22d64159 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0f12a3b8b22d64159 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0341d4313745e93a8 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0341d4313745e93a8 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-05ec194ae65d9484e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-05ec194ae65d9484e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-030ab2fb0a9687603 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-030ab2fb0a9687603 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-00792be50739611a5 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-00792be50739611a5 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-017eaa0eb6c0a5a82 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-017eaa0eb6c0a5a82 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0b1374f7dc115ec15 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0b1374f7dc115ec15 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-012f395e484d6587f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-012f395e484d6587f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-08aa4d247c7ccffdc Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-08aa4d247c7ccffdc is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0917b02c94671bf4f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0917b02c94671bf4f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-018c5c22dcca87029 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-018c5c22dcca87029 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0ba20af0f6e13842d Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0ba20af0f6e13842d is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0a22f3a76bd625266 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0a22f3a76bd625266 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0d0c97b1e7e19356f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0d0c97b1e7e19356f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03b5e483281934366 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03b5e483281934366 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-01bb12816bb3c76af Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-01bb12816bb3c76af is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-09a200d0baae1e5d9 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-09a200d0baae1e5d9 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0539c8e289b04484f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0539c8e289b04484f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0afda8778a0b2e26b Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0afda8778a0b2e26b is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0809f76b3124e8481 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0809f76b3124e8481 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-07d5aaac92bcdbeac Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-07d5aaac92bcdbeac is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-01cadbf9ddc053792 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-01cadbf9ddc053792 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0a72d597d62e2cd01 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0a72d597d62e2cd01 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-026774bb792a197e7 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-026774bb792a197e7 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0bb6f8f32b2cb4fca Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0bb6f8f32b2cb4fca is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-04df7e251ae6e0cfe Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-04df7e251ae6e0cfe is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-02179a4d126c52aa1 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-02179a4d126c52aa1 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0cc079c73861a4aff Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0cc079c73861a4aff is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0790c7a1b159fdd5a Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0790c7a1b159fdd5a is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-030cd1b57bca13602 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-030cd1b57bca13602 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0e29b99ea2e640b81 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0e29b99ea2e640b81 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0e82db2ffa7743f70 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0e82db2ffa7743f70 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-07879f9ffc76c1a4e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-07879f9ffc76c1a4e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-099852369db9e4754 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-099852369db9e4754 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-030ce343c73844bcf Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-030ce343c73844bcf is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0b428785f8c8a3a4c Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0b428785f8c8a3a4c is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-052a9462ffa13ed6c Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-052a9462ffa13ed6c is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-05f5f455f9944443c Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-05f5f455f9944443c is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-019d54e88aface825 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-019d54e88aface825 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0da13f419fb5d9bee Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0da13f419fb5d9bee is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-02a9b47c8ab4cecd0 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-02a9b47c8ab4cecd0 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0243907c6d8396bb8 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0243907c6d8396bb8 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-08e03dcd383a3aa44 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-08e03dcd383a3aa44 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0933a17ca736f6b77 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0933a17ca736f6b77 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-08a0d1a396c4aa2be Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-08a0d1a396c4aa2be is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-049027679ceef886d Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-049027679ceef886d is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-003f763931b0c1e8f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-003f763931b0c1e8f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0aeeb74fcdb88ebd9 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0aeeb74fcdb88ebd9 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03bac3be178a17311 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03bac3be178a17311 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0b540192b41c105eb Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0b540192b41c105eb is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0530fea6befb7f72b Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0530fea6befb7f72b is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0b688f2736bf5bad4 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0b688f2736bf5bad4 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-00d707adc8480b047 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-00d707adc8480b047 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0882adc631671a2b8 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0882adc631671a2b8 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0f607309686a7d25f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0f607309686a7d25f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0317b4229e95fdfd8 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0317b4229e95fdfd8 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0b0b155d289a0bac5 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0b0b155d289a0bac5 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03a009e9beb0da3f7 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03a009e9beb0da3f7 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-04a18089c90e1260e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-04a18089c90e1260e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0cc58bc4dc97b399b Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0cc58bc4dc97b399b is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0e02a396c750c736b Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0e02a396c750c736b is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0d2c7ad629ee47dfe Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0d2c7ad629ee47dfe is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-055f56fdedf0b6a7f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-055f56fdedf0b6a7f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0a198bef20f78d466 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0a198bef20f78d466 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0a4e9dcee59c3e935 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0a4e9dcee59c3e935 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-003cbcab27a2b8cc5 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-003cbcab27a2b8cc5 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0b953ec8b25bb79b8 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0b953ec8b25bb79b8 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0e7efcd133510ac82 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0e7efcd133510ac82 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0d48e7f1ecb2af58f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0d48e7f1ecb2af58f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-049710eb990d06c66 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-049710eb990d06c66 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-015a805bbdab25397 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-015a805bbdab25397 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0ccecbf3352a85d92 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0ccecbf3352a85d92 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0c1d90fc770c08f3e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0c1d90fc770c08f3e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-001499538bfa02c79 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-001499538bfa02c79 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0d61a3d02fe050a79 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0d61a3d02fe050a79 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-00564895a4b383633 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-00564895a4b383633 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0b7a64d674eb5cf25 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0b7a64d674eb5cf25 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-004af16197f9b2d15 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-004af16197f9b2d15 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0ad073989c9e51746 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0ad073989c9e51746 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-086b0b2cb77911fbe Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-086b0b2cb77911fbe is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0d309e43242d16c39 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0d309e43242d16c39 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0054279d78fa43f21 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0054279d78fa43f21 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-08509fb97f6368608 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-08509fb97f6368608 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0af74db7b91ad0fef Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0af74db7b91ad0fef is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0cb054b96ef1201b6 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0cb054b96ef1201b6 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-05a1ab37a7c734e7e Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-05a1ab37a7c734e7e is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-06981ad9be754bda5 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-06981ad9be754bda5 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-01799a1036509fce7 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-01799a1036509fce7 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-037e436a6609b27ef Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-037e436a6609b27ef is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0946da4a34969a91c Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0946da4a34969a91c is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0228aa32190cbf607 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0228aa32190cbf607 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0591754941a65dbf2 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0591754941a65dbf2 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0a0b477588407543f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0a0b477588407543f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0a0babf6f9261e644 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0a0babf6f9261e644 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0593aca86b1b615c6 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0593aca86b1b615c6 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-04c897c6bcd9fce84 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-04c897c6bcd9fce84 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-083f1d3cebf29b150 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-083f1d3cebf29b150 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0009dd882eaf0b4b2 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0009dd882eaf0b4b2 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0782856870ae5a65f Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0782856870ae5a65f is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0365d7ae246dcc20d Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0365d7ae246dcc20d is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-076197ad79c63334a Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-076197ad79c63334a is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0843e2d1f28ec1157 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0843e2d1f28ec1157 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03008860ecba17e98 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03008860ecba17e98 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-03c18165e84e612dd Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-03c18165e84e612dd is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-06bc8be4b0b3f49b0 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-06bc8be4b0b3f49b0 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0bd60c5cf3baf472a Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0bd60c5cf3baf472a is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0e98fda1728ea85c8 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0e98fda1728ea85c8 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0eb96d6970d0fd9af Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0eb96d6970d0fd9af is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-02d2235f771236c27 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-02d2235f771236c27 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-0654f22072d6a5788 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-0654f22072d6a5788 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-004c3c5024e66c34a Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-004c3c5024e66c34a is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Check if EBS snapshots are encrypted. snap-09ad6617f54885be5 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-09ad6617f54885be5 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 us-east-1 Check if EBS snapshots are encrypted. snap-022b448678f2eeb65 Check if EBS snapshots are encrypted. ec2_ebs_snapshots_encrypted EBS Snapshot snap-022b448678f2eeb65 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS Snapshot and Enable Encryption by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0a7716b4993f44f25 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0a7716b4993f44f25 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0119f51a29ad658eb Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0119f51a29ad658eb is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-05ded263a69d9d833 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-05ded263a69d9d833 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-07a6182179d8938fd Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-07a6182179d8938fd is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-06efd9c62aa64e2dd Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-06efd9c62aa64e2dd is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-08328a27be868eb2b Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-08328a27be868eb2b is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0719495912d867e2c Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0719495912d867e2c is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-04c8c61f50865cdeb Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-04c8c61f50865cdeb is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0fd080910d1dcbe19 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0fd080910d1dcbe19 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0edae4ca3ad260b56 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0edae4ca3ad260b56 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0abd04ed1231ade0f Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0abd04ed1231ade0f is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-08fab72f5f2f77747 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-08fab72f5f2f77747 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-05f2620eeefe09d8c Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-05f2620eeefe09d8c is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0f923fdc1a835f55b Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0f923fdc1a835f55b is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-02e5c947fe6f6a9d0 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-02e5c947fe6f6a9d0 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-00e9b8dfc523697f4 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-00e9b8dfc523697f4 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-061c22725dfe989a1 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-061c22725dfe989a1 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-019e29d450abbe8e6 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-019e29d450abbe8e6 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0ec44b94e55849a1e Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0ec44b94e55849a1e is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0adc058c1d270dd86 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0adc058c1d270dd86 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0222c657313583109 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0222c657313583109 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-00ffdee7173a0513c Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-00ffdee7173a0513c is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-017864882d63972b0 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-017864882d63972b0 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-023e6184e12335e30 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-023e6184e12335e30 is encrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0a0920da320510d32 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0a0920da320510d32 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

FAIL medium ec2 ap-south-1 Ensure there are no EBS Volumes unencrypted. vol-0e92021acccf43774 Ensure there are no EBS Volumes unencrypted. ec2_ebs_volume_encryption EBS Snapshot vol-0e92021acccf43774 is unencrypted.

Data encryption at rest prevents data visibility in the event of its unauthorized access or theft.

Encrypt all EBS volumes and Enable Encryption by default You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example; Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 13.126.195.229 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 13.126.195.229 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 13.127.148.48 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 13.127.148.48 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 13.232.150.131 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 13.232.150.131 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

FAIL low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 13.233.63.131 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 13.233.63.131 is not associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 13.234.241.114 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 13.234.241.114 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 13.235.34.5 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 13.235.34.5 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 15.206.129.110 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 15.206.129.110 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

FAIL low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 15.206.15.203 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 15.206.15.203 is not associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 15.206.191.199 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 15.206.191.199 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 15.206.24.152 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 15.206.24.152 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 15.207.38.210 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 15.207.38.210 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 3.108.178.28 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 3.108.178.28 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 3.111.112.116 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 3.111.112.116 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 3.111.193.196 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 3.111.193.196 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 3.6.218.172 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 3.6.218.172 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 3.6.34.160 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 3.6.34.160 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 3.6.49.75 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 3.6.49.75 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

FAIL low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 3.6.83.28 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 3.6.83.28 is not associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

FAIL low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 3.6.99.2 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 3.6.99.2 is not associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

FAIL low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 3.7.26.52 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 3.7.26.52 is not associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 65.0.148.77 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 65.0.148.77 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

FAIL low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 65.1.14.161 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 65.1.14.161 is not associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 65.1.189.126 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 65.1.189.126 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 65.1.202.96 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 65.1.202.96 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 65.2.108.162 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 65.2.108.162 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

PASS low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 65.2.28.105 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 65.2.28.105 is associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

FAIL low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 65.2.72.56 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 65.2.72.56 is not associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

FAIL low ec2 ap-south-1 Check if there is any unassigned Elastic IP. 65.2.99.72 Check if there is any unassigned Elastic IP. ec2_elastic_ip_unassgined Elastic IP 65.2.99.72 is not associated with an instance or network interface.

Unassigned Elastic IPs may result in extra cost.

Ensure Elastic IPs are not unassigned.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-015f59467ce090d2c Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-015f59467ce090d2c has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-0eabd350f88ce5124 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-0eabd350f88ce5124 has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-05f0f6f96eb4fd86d Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-05f0f6f96eb4fd86d has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-0e512cb262096ac31 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-0e512cb262096ac31 has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-02908a5ca4dede651 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-02908a5ca4dede651 has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-066bd8233c2efdfd0 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-066bd8233c2efdfd0 has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-099e4408cbeebdcdb Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-099e4408cbeebdcdb has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-08543e56cbaf9f19c Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-08543e56cbaf9f19c has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-0e5a35628e55bb883 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-0e5a35628e55bb883 has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-03da29580a1fb3734 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-03da29580a1fb3734 has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-0e0a4b4b40c2a9790 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-0e0a4b4b40c2a9790 has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-06f38a8732b98d2e2 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-06f38a8732b98d2e2 has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-071332494378f82ae Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-071332494378f82ae has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-05bad25824ebfdb4d Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-05bad25824ebfdb4d has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-04b87cb1bc8e2eb3b Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-04b87cb1bc8e2eb3b has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-0c069862db55fbeda Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-0c069862db55fbeda has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-0a34a15758fbb8d1f Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-0a34a15758fbb8d1f has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-00ec225c2a12b853b Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-00ec225c2a12b853b has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-03171ba2fce1dbd0d Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-03171ba2fce1dbd0d has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-0d64065cb0e6f682f Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-0d64065cb0e6f682f has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-037ea098c391480a9 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-037ea098c391480a9 has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

FAIL medium ec2 ap-south-1 Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. i-0790f4edec81af4fa Check if EC2 Instance Metadata Service Version 2 (IMDSv2) is Enabled and Required. ec2_instance_imdsv2_enabled EC2 Instance i-0790f4edec81af4fa has IMDSv2 disabled or not required.

Using IMDSv2 will protect from misconfiguration and SSRF vulnerabilities. IMDSv1 will not.

If you dont need IMDS you can turn it off. Using aws-cli you can force the instance to use only IMDSv2.

PASS medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-015f59467ce090d2c Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-015f59467ce090d2c is not internet facing with an instance profile.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-0eabd350f88ce5124 Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-0eabd350f88ce5124 at IP 13.127.148.48 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

PASS medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-05f0f6f96eb4fd86d Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-05f0f6f96eb4fd86d is not internet facing with an instance profile.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-0e512cb262096ac31 Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-0e512cb262096ac31 at IP 3.6.34.160 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/Windows_troubleshoot.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-02908a5ca4dede651 Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-02908a5ca4dede651 at IP 15.206.129.110 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-066bd8233c2efdfd0 Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-066bd8233c2efdfd0 at IP 3.6.218.172 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-099e4408cbeebdcdb Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-099e4408cbeebdcdb at IP 65.1.202.96 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-08543e56cbaf9f19c Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-08543e56cbaf9f19c at IP 65.2.28.105 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-0e5a35628e55bb883 Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-0e5a35628e55bb883 at IP 3.108.178.28 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-03da29580a1fb3734 Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-03da29580a1fb3734 at IP 65.1.189.126 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

PASS medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-0e0a4b4b40c2a9790 Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-0e0a4b4b40c2a9790 is not internet facing with an instance profile.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-06f38a8732b98d2e2 Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-06f38a8732b98d2e2 at IP 3.6.49.75 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-071332494378f82ae Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-071332494378f82ae at IP 65.2.108.162 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-05bad25824ebfdb4d Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-05bad25824ebfdb4d at IP 13.235.34.5 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-04b87cb1bc8e2eb3b Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-04b87cb1bc8e2eb3b at IP 3.111.193.196 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-0c069862db55fbeda Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-0c069862db55fbeda at IP 15.206.24.152 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-0a34a15758fbb8d1f Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-0a34a15758fbb8d1f at IP 13.126.195.229 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-00ec225c2a12b853b Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-00ec225c2a12b853b at IP 13.234.241.114 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

PASS medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-03171ba2fce1dbd0d Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-03171ba2fce1dbd0d is not internet facing with an instance profile.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-0d64065cb0e6f682f Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-0d64065cb0e6f682f at IP 15.206.67.217 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/poc-DR-ec2-s3.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-037ea098c391480a9 Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-037ea098c391480a9 at IP 3.111.112.116 is internet-facing with Instance Profile arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

PASS medium ec2 ap-south-1 Check for internet facing EC2 instances with Instance Profiles attached. i-0790f4edec81af4fa Check for internet facing EC2 instances with Instance Profiles attached. ec2_instance_internet_facing_with_instance_profile EC2 Instance i-0790f4edec81af4fa is not internet facing with an instance profile.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-015f59467ce090d2c Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-015f59467ce090d2c is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

PASS medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-0eabd350f88ce5124 Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-0eabd350f88ce5124 is managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-05f0f6f96eb4fd86d Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-05f0f6f96eb4fd86d is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-0e512cb262096ac31 Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-0e512cb262096ac31 is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-02908a5ca4dede651 Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-02908a5ca4dede651 is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-066bd8233c2efdfd0 Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-066bd8233c2efdfd0 is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-099e4408cbeebdcdb Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-099e4408cbeebdcdb is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-08543e56cbaf9f19c Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-08543e56cbaf9f19c is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-0e5a35628e55bb883 Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-0e5a35628e55bb883 is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

PASS medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-03da29580a1fb3734 Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-03da29580a1fb3734 is managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-0e0a4b4b40c2a9790 Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-0e0a4b4b40c2a9790 is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-06f38a8732b98d2e2 Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-06f38a8732b98d2e2 is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

PASS medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-071332494378f82ae Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-071332494378f82ae is managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

PASS medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-05bad25824ebfdb4d Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-05bad25824ebfdb4d is managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-04b87cb1bc8e2eb3b Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-04b87cb1bc8e2eb3b is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-0c069862db55fbeda Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-0c069862db55fbeda is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-0a34a15758fbb8d1f Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-0a34a15758fbb8d1f is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

PASS medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-00ec225c2a12b853b Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-00ec225c2a12b853b is managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-03171ba2fce1dbd0d Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-03171ba2fce1dbd0d is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-0d64065cb0e6f682f Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-0d64065cb0e6f682f is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-037ea098c391480a9 Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-037ea098c391480a9 is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

FAIL medium ec2 ap-south-1 Check if EC2 instances are managed by Systems Manager. i-0790f4edec81af4fa Check if EC2 instances are managed by Systems Manager. ec2_instance_managed_by_ssm EC2 Instance i-0790f4edec81af4fa is not managed by Systems Manager.

AWS Config provides AWS Managed Rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices.

Verify and apply Systems Manager Prerequisites.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-015f59467ce090d2c Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-015f59467ce090d2c is not older than 180 days (14 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-0eabd350f88ce5124 Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-0eabd350f88ce5124 is not older than 180 days (37 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-05f0f6f96eb4fd86d Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-05f0f6f96eb4fd86d is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-0e512cb262096ac31 Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-0e512cb262096ac31 is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-02908a5ca4dede651 Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-02908a5ca4dede651 is not older than 180 days (36 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-066bd8233c2efdfd0 Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-066bd8233c2efdfd0 is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-099e4408cbeebdcdb Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-099e4408cbeebdcdb is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-08543e56cbaf9f19c Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-08543e56cbaf9f19c is not older than 180 days (6 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-0e5a35628e55bb883 Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-0e5a35628e55bb883 is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-03da29580a1fb3734 Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-03da29580a1fb3734 is not older than 180 days (46 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-0e0a4b4b40c2a9790 Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-0e0a4b4b40c2a9790 is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-06f38a8732b98d2e2 Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-06f38a8732b98d2e2 is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-071332494378f82ae Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-071332494378f82ae is not older than 180 days (46 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-05bad25824ebfdb4d Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-05bad25824ebfdb4d is not older than 180 days (13 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-04b87cb1bc8e2eb3b Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-04b87cb1bc8e2eb3b is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-0c069862db55fbeda Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-0c069862db55fbeda is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-0a34a15758fbb8d1f Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-0a34a15758fbb8d1f is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-00ec225c2a12b853b Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-00ec225c2a12b853b is not older than 180 days (23 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-03171ba2fce1dbd0d Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-03171ba2fce1dbd0d is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-0d64065cb0e6f682f Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-0d64065cb0e6f682f is not older than 180 days (3 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-037ea098c391480a9 Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-037ea098c391480a9 is not running.

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

PASS medium ec2 ap-south-1 Check EC2 Instances older than specific days. i-0790f4edec81af4fa Check EC2 Instances older than specific days. ec2_instance_older_than_specific_days EC2 Instance i-0790f4edec81af4fa is not older than 180 days (13 days).

Having old instances within your AWS account could increase the risk of having vulnerable software.

Check if software running in the instance is up to date and patched accordingly. Use AWS Systems Manager to patch instances and view patching compliance information.

FAIL medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-015f59467ce090d2c Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-015f59467ce090d2c not associated with an Instance Profile Role.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-0eabd350f88ce5124 Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-0eabd350f88ce5124 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

FAIL medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-05f0f6f96eb4fd86d Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-05f0f6f96eb4fd86d not associated with an Instance Profile Role.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-0e512cb262096ac31 Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-0e512cb262096ac31 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/Windows_troubleshoot.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-02908a5ca4dede651 Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-02908a5ca4dede651 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-066bd8233c2efdfd0 Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-066bd8233c2efdfd0 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-099e4408cbeebdcdb Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-099e4408cbeebdcdb associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-08543e56cbaf9f19c Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-08543e56cbaf9f19c associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-0e5a35628e55bb883 Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-0e5a35628e55bb883 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-03da29580a1fb3734 Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-03da29580a1fb3734 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-0e0a4b4b40c2a9790 Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-0e0a4b4b40c2a9790 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-06f38a8732b98d2e2 Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-06f38a8732b98d2e2 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-071332494378f82ae Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-071332494378f82ae associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-05bad25824ebfdb4d Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-05bad25824ebfdb4d associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-04b87cb1bc8e2eb3b Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-04b87cb1bc8e2eb3b associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-0c069862db55fbeda Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-0c069862db55fbeda associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-0a34a15758fbb8d1f Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-0a34a15758fbb8d1f associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-00ec225c2a12b853b Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-00ec225c2a12b853b associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

FAIL medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-03171ba2fce1dbd0d Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-03171ba2fce1dbd0d not associated with an Instance Profile Role.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-0d64065cb0e6f682f Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-0d64065cb0e6f682f associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/poc-DR-ec2-s3.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

PASS medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-037ea098c391480a9 Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-037ea098c391480a9 associated with Instance Profile Role arn:aws:iam::207592916039:instance-profile/EC2-CloudWatch-Access.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

FAIL medium ec2 ap-south-1 Ensure IAM instance roles are used for AWS resource access from instances i-0790f4edec81af4fa Ensure IAM instance roles are used for AWS resource access from instances. ec2_instance_profile_attached EC2 Instance i-0790f4edec81af4fa not associated with an Instance Profile Role.

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. AWS IAM roles reduce the risks associated with sharing and rotating credentials that can be used outside of AWS itself. If credentials are compromised, they can be used from outside of the AWS account.

Create an IAM instance role if necessary and attach it to the corresponding EC2 instance..

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-015f59467ce090d2c Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-015f59467ce090d2c has a Public IP: 65.0.148.77 ().

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-0eabd350f88ce5124 Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-0eabd350f88ce5124 has a Public IP: 13.127.148.48 (ec2-13-127-148-48.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

PASS medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-05f0f6f96eb4fd86d Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-05f0f6f96eb4fd86d has not a Public IP.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-0e512cb262096ac31 Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-0e512cb262096ac31 has a Public IP: 3.6.34.160 (ec2-3-6-34-160.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-02908a5ca4dede651 Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-02908a5ca4dede651 has a Public IP: 15.206.129.110 (ec2-15-206-129-110.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-066bd8233c2efdfd0 Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-066bd8233c2efdfd0 has a Public IP: 3.6.218.172 (ec2-3-6-218-172.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-099e4408cbeebdcdb Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-099e4408cbeebdcdb has a Public IP: 65.1.202.96 (ec2-65-1-202-96.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-08543e56cbaf9f19c Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-08543e56cbaf9f19c has a Public IP: 65.2.28.105 (ec2-65-2-28-105.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-0e5a35628e55bb883 Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-0e5a35628e55bb883 has a Public IP: 3.108.178.28 (ec2-3-108-178-28.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-03da29580a1fb3734 Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-03da29580a1fb3734 has a Public IP: 65.1.189.126 (ec2-65-1-189-126.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

PASS medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-0e0a4b4b40c2a9790 Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-0e0a4b4b40c2a9790 has not a Public IP.

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-06f38a8732b98d2e2 Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-06f38a8732b98d2e2 has a Public IP: 3.6.49.75 (ec2-3-6-49-75.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-071332494378f82ae Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-071332494378f82ae has a Public IP: 65.2.108.162 ().

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-05bad25824ebfdb4d Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-05bad25824ebfdb4d has a Public IP: 13.235.34.5 ().

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-04b87cb1bc8e2eb3b Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-04b87cb1bc8e2eb3b has a Public IP: 3.111.193.196 (ec2-3-111-193-196.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-0c069862db55fbeda Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-0c069862db55fbeda has a Public IP: 15.206.24.152 (ec2-15-206-24-152.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-0a34a15758fbb8d1f Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-0a34a15758fbb8d1f has a Public IP: 13.126.195.229 (ec2-13-126-195-229.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-00ec225c2a12b853b Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-00ec225c2a12b853b has a Public IP: 13.234.241.114 (ec2-13-234-241-114.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-03171ba2fce1dbd0d Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-03171ba2fce1dbd0d has a Public IP: 15.206.191.199 (ec2-15-206-191-199.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-0d64065cb0e6f682f Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-0d64065cb0e6f682f has a Public IP: 15.206.67.217 (ec2-15-206-67-217.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-037ea098c391480a9 Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-037ea098c391480a9 has a Public IP: 3.111.112.116 (ec2-3-111-112-116.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

FAIL medium ec2 ap-south-1 Check for EC2 Instances with Public IP. i-0790f4edec81af4fa Check for EC2 Instances with Public IP. ec2_instance_public_ip EC2 Instance i-0790f4edec81af4fa has a Public IP: 13.232.150.131 (ec2-13-232-150-131.ap-south-1.compute.amazonaws.com).

Exposing an EC2 directly to internet increases the attack surface and therefore the risk of compromise.

Use an ALB and apply WAF ACL.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-015f59467ce090d2c Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-015f59467ce090d2c since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-0eabd350f88ce5124 Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-0eabd350f88ce5124 since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-05f0f6f96eb4fd86d Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-05f0f6f96eb4fd86d since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-0e512cb262096ac31 Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-0e512cb262096ac31 since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-02908a5ca4dede651 Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-02908a5ca4dede651 since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-066bd8233c2efdfd0 Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-066bd8233c2efdfd0 since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-099e4408cbeebdcdb Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-099e4408cbeebdcdb since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-08543e56cbaf9f19c Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-08543e56cbaf9f19c since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-0e5a35628e55bb883 Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-0e5a35628e55bb883 since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-03da29580a1fb3734 Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-03da29580a1fb3734 since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-0e0a4b4b40c2a9790 Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-0e0a4b4b40c2a9790 since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-06f38a8732b98d2e2 Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-06f38a8732b98d2e2 since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-071332494378f82ae Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-071332494378f82ae since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-05bad25824ebfdb4d Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-05bad25824ebfdb4d since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-04b87cb1bc8e2eb3b Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-04b87cb1bc8e2eb3b since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-0c069862db55fbeda Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-0c069862db55fbeda since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-0a34a15758fbb8d1f Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-0a34a15758fbb8d1f since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-00ec225c2a12b853b Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-00ec225c2a12b853b since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-03171ba2fce1dbd0d Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-03171ba2fce1dbd0d since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-0d64065cb0e6f682f Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-0d64065cb0e6f682f since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-037ea098c391480a9 Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-037ea098c391480a9 since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

PASS critical ec2 ap-south-1 Find secrets in EC2 User Data. i-0790f4edec81af4fa Find secrets in EC2 User Data. ec2_instance_secrets_user_data No secrets found in EC2 instance i-0790f4edec81af4fa since User Data is empty.

Secrets hardcoded into instance user data can be used by malware and bad actors to gain lateral access to other services.

Implement automated detective control (e.g. using tools like Prowler) to scan accounts for passwords and secrets. Use secrets manager service to store and retrieve passwords and secrets.

FAIL high ec2 ap-northeast-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-3ee94058 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-3ee94058 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-northeast-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-7b43c610 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-7b43c610 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-northeast-3 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-00780669 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-00780669 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-059cbe81d2548d6de Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-059cbe81d2548d6de has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-07e78237304a6d367 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-07e78237304a6d367 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-0c34a3347ef305308 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-0c34a3347ef305308 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-0aa54221e7c479387 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-0aa54221e7c479387 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-0551e0d858a4766b5 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-0551e0d858a4766b5 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-0c252885aca7df663 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-0c252885aca7df663 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-4a846821 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-4a846821 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-southeast-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-99e152ff Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-99e152ff has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-southeast-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-8e914ae8 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-8e914ae8 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-central-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-0d77fd67 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-0d77fd67 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-north-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-05aa7d6c Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-05aa7d6c has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-west-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-34f9654d Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-34f9654d has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-west-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-8fecbfe7 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-8fecbfe7 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-west-3 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-1562757c Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-1562757c has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 sa-east-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-816558e6 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-816558e6 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-east-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-0fc5b600deaa124fe Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-0fc5b600deaa124fe has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-east-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-07fd797a Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-07fd797a has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-east-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-f7c6639c Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-f7c6639c has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-west-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-51b11937 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-51b11937 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-west-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. acl-48a84533 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to any port. ec2_networkacl_allow_ingress_any_port Network ACL acl-48a84533 has every port open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-northeast-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-3ee94058 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-3ee94058 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-northeast-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-7b43c610 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-7b43c610 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-northeast-3 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-00780669 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-00780669 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-059cbe81d2548d6de Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-059cbe81d2548d6de has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-07e78237304a6d367 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-07e78237304a6d367 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-0c34a3347ef305308 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-0c34a3347ef305308 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-0aa54221e7c479387 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-0aa54221e7c479387 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-0551e0d858a4766b5 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-0551e0d858a4766b5 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-0c252885aca7df663 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-0c252885aca7df663 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-4a846821 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-4a846821 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-southeast-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-99e152ff Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-99e152ff has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-southeast-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-8e914ae8 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-8e914ae8 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-central-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-0d77fd67 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-0d77fd67 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-north-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-05aa7d6c Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-05aa7d6c has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-west-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-34f9654d Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-34f9654d has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-west-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-8fecbfe7 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-8fecbfe7 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-west-3 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-1562757c Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-1562757c has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 sa-east-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-816558e6 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-816558e6 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-east-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-0fc5b600deaa124fe Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-0fc5b600deaa124fe has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-east-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-07fd797a Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-07fd797a has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-east-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-f7c6639c Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-f7c6639c has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-west-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-51b11937 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-51b11937 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-west-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 acl-48a84533 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to SSH port 22 ec2_networkacl_allow_ingress_tcp_port_22 Network ACL acl-48a84533 has SSH port 22 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-northeast-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-3ee94058 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-3ee94058 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-northeast-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-7b43c610 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-7b43c610 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-northeast-3 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-00780669 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-00780669 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-059cbe81d2548d6de Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-059cbe81d2548d6de has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-07e78237304a6d367 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-07e78237304a6d367 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-0c34a3347ef305308 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-0c34a3347ef305308 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-0aa54221e7c479387 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-0aa54221e7c479387 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-0551e0d858a4766b5 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-0551e0d858a4766b5 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-0c252885aca7df663 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-0c252885aca7df663 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-4a846821 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-4a846821 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-southeast-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-99e152ff Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-99e152ff has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-southeast-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-8e914ae8 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-8e914ae8 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-central-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-0d77fd67 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-0d77fd67 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-north-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-05aa7d6c Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-05aa7d6c has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-west-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-34f9654d Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-34f9654d has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-west-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-8fecbfe7 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-8fecbfe7 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 eu-west-3 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-1562757c Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-1562757c has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 sa-east-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-816558e6 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-816558e6 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-east-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-0fc5b600deaa124fe Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-0fc5b600deaa124fe has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-east-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-07fd797a Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-07fd797a has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-east-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-f7c6639c Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-f7c6639c has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-west-1 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-51b11937 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-51b11937 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 us-west-2 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 acl-48a84533 Ensure no Network ACLs allow ingress from 0.0.0.0/0 to Microsoft RDP port 3389 ec2_networkacl_allow_ingress_tcp_port_3389 Network ACL acl-48a84533 has Microsoft RDP port 3389 open to the Internet.

Even having a perimeter firewall, having network acls open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive network acls. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-a7a8a2d7) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-0781bb66) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-3bd72a56) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-051bc89f00d84ba5d) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FLTITLE (sg-014e8daa4cc040ec3) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group production_instance_24hr (sg-05c4e006af9e88dce) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group poc-new-dr-SG (sg-00d80536c6f581309) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-10 (sg-06bd3c482cfc57740) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group newexample (sg-07032cce3a92d339c) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-12 (sg-048665d6d0c5ddade) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group xenia (sg-031e19902e2a5afdf) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-8 (sg-0d37f630587326b7e) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group new-rdp-pub (sg-0a229ea3e85856a09) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Production_instance (sg-0ced3f254ff2e2449) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-9 (sg-0772c4ae4f2152412) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-091c740915160e014) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-3 (sg-09fc17deef2200543) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-16c91a78) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group snatpshot_test (sg-0bd7e423fac41eca5) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-05eb10b1b7df8b201) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Scan (sg-094663576a916beb5) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FLTITLE-db (sg-0cf58d958641ae531) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group test.fugo.ELB (sg-07ca5965527721e2b) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group test.fugoone (sg-04ffc3255e82b26a3) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group newdemo (sg-0cc85defb9824bf46) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group fugo office network (sg-05621c06837212db5) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Workspace (sg-08b7370c7d1c12ab6) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group RDP_NEW (sg-0b519b5e6321a2762) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-0b6ae40bc40a05870) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-1 (sg-04819898c1b060625) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group windows (sg-03cd1691502cec67e) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Windows_Mig_test (sg-0b491bea1db5b5666) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-055f2fcdabec8a369) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group test (sg-04025f2ff76e7bd88) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group monitoring-sg (sg-0129ef8098ddb64c3) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group PMS-app-server (sg-0c2892864e591824e) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group fugoservices-web (sg-0d900345b2583fc49) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-0a7e5947d6d3ab692) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group wazuh (sg-000e6b51a965ce764) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group knowfugo (sg-007e9f3f5e6a7dda2) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group stagng_knowfugo (sg-0937aff6d72c24a45) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Demo-audit (sg-0325f3fdbd7f4ae04) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Audit-Bastion (sg-0f8abce01b2b398db) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group BASION host (sg-04edb80657ca25b45) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group api.fugoone.com (sg-01ddee8f2302669c3) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group audit-demo-lb (sg-01d6b0b12ee726a22) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-AD (sg-01063b292cec3ec8c) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group New_example_fugoone (sg-0e1e536387953fb6b) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-c9844db7) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-b52739cb) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-6cab7d09) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-c92874a2) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-31d72b79) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-4b2ddf2a) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-7aaf9417) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-f82f8285) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-050d9187f381d2f0b) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-7a00c82f) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group Test Instance (sg-0d3dc664f916e5beb) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-b78824d2) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-1 (sg-06bcee4d6827a114b) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-d876d4a6) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to any port. ec2_securitygroup_allow_ingress_from_internet_to_any_port Security group default (sg-e0eef6a5) has not all ports open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-a7a8a2d7) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-0781bb66) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-3bd72a56) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-051bc89f00d84ba5d) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FLTITLE (sg-014e8daa4cc040ec3) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group newexample (sg-07032cce3a92d339c) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group xenia (sg-031e19902e2a5afdf) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Production_instance (sg-0ced3f254ff2e2449) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-091c740915160e014) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-3 (sg-09fc17deef2200543) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-16c91a78) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-05eb10b1b7df8b201) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Scan (sg-094663576a916beb5) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FLTITLE-db (sg-0cf58d958641ae531) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group test.fugoone (sg-04ffc3255e82b26a3) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group newdemo (sg-0cc85defb9824bf46) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group fugo office network (sg-05621c06837212db5) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Workspace (sg-08b7370c7d1c12ab6) has MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group RDP_NEW (sg-0b519b5e6321a2762) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-0b6ae40bc40a05870) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-1 (sg-04819898c1b060625) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group windows (sg-03cd1691502cec67e) has MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-055f2fcdabec8a369) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group test (sg-04025f2ff76e7bd88) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group PMS-app-server (sg-0c2892864e591824e) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group fugoservices-web (sg-0d900345b2583fc49) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-0a7e5947d6d3ab692) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group wazuh (sg-000e6b51a965ce764) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group BASION host (sg-04edb80657ca25b45) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-AD (sg-01063b292cec3ec8c) has MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-c9844db7) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-b52739cb) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-6cab7d09) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-c92874a2) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-31d72b79) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-4b2ddf2a) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-7aaf9417) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-f82f8285) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-050d9187f381d2f0b) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-7a00c82f) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group Test Instance (sg-0d3dc664f916e5beb) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-b78824d2) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-d876d4a6) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MongoDB ports 27017 and 27018. ec2_securitygroup_allow_ingress_from_internet_to_port_mongodb_27017_27018 Security group default (sg-e0eef6a5) has not MongoDB ports 27017 and 27018 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-a7a8a2d7) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-0781bb66) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-3bd72a56) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-051bc89f00d84ba5d) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FLTITLE (sg-014e8daa4cc040ec3) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group newexample (sg-07032cce3a92d339c) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group xenia (sg-031e19902e2a5afdf) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Production_instance (sg-0ced3f254ff2e2449) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-091c740915160e014) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-3 (sg-09fc17deef2200543) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-16c91a78) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-05eb10b1b7df8b201) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Scan (sg-094663576a916beb5) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FLTITLE-db (sg-0cf58d958641ae531) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group test.fugoone (sg-04ffc3255e82b26a3) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group newdemo (sg-0cc85defb9824bf46) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group fugo office network (sg-05621c06837212db5) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Workspace (sg-08b7370c7d1c12ab6) has FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group RDP_NEW (sg-0b519b5e6321a2762) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-0b6ae40bc40a05870) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-1 (sg-04819898c1b060625) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group windows (sg-03cd1691502cec67e) has FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-055f2fcdabec8a369) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group test (sg-04025f2ff76e7bd88) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group PMS-app-server (sg-0c2892864e591824e) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group fugoservices-web (sg-0d900345b2583fc49) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-0a7e5947d6d3ab692) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group wazuh (sg-000e6b51a965ce764) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group BASION host (sg-04edb80657ca25b45) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-AD (sg-01063b292cec3ec8c) has FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-c9844db7) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-b52739cb) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-6cab7d09) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-c92874a2) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-31d72b79) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-4b2ddf2a) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-7aaf9417) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-f82f8285) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-050d9187f381d2f0b) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-7a00c82f) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group Test Instance (sg-0d3dc664f916e5beb) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-b78824d2) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-d876d4a6) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to FTP ports 20 or 21. ec2_securitygroup_allow_ingress_from_internet_to_tcp_ftp_port_20_21 Security group default (sg-e0eef6a5) has not FTP ports 20 and 21 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-a7a8a2d7) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-0781bb66) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-3bd72a56) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-051bc89f00d84ba5d) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FLTITLE (sg-014e8daa4cc040ec3) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group newexample (sg-07032cce3a92d339c) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group xenia (sg-031e19902e2a5afdf) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-8 (sg-0d37f630587326b7e) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Production_instance (sg-0ced3f254ff2e2449) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-091c740915160e014) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-3 (sg-09fc17deef2200543) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-16c91a78) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group snatpshot_test (sg-0bd7e423fac41eca5) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-05eb10b1b7df8b201) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Scan (sg-094663576a916beb5) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FLTITLE-db (sg-0cf58d958641ae531) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group test.fugoone (sg-04ffc3255e82b26a3) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group newdemo (sg-0cc85defb9824bf46) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group fugo office network (sg-05621c06837212db5) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Workspace (sg-08b7370c7d1c12ab6) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group RDP_NEW (sg-0b519b5e6321a2762) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-0b6ae40bc40a05870) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-1 (sg-04819898c1b060625) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group windows (sg-03cd1691502cec67e) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-055f2fcdabec8a369) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group test (sg-04025f2ff76e7bd88) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group monitoring-sg (sg-0129ef8098ddb64c3) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group PMS-app-server (sg-0c2892864e591824e) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group fugoservices-web (sg-0d900345b2583fc49) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-0a7e5947d6d3ab692) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group wazuh (sg-000e6b51a965ce764) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Audit-Bastion (sg-0f8abce01b2b398db) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group BASION host (sg-04edb80657ca25b45) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-AD (sg-01063b292cec3ec8c) has SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-c9844db7) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-b52739cb) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-6cab7d09) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-c92874a2) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-31d72b79) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-4b2ddf2a) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-7aaf9417) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-f82f8285) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-050d9187f381d2f0b) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-7a00c82f) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group Test Instance (sg-0d3dc664f916e5beb) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-b78824d2) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-d876d4a6) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to SSH port 22. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_22 Security group default (sg-e0eef6a5) has not SSH port 22 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-a7a8a2d7) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-0781bb66) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-3bd72a56) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-051bc89f00d84ba5d) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group newexample (sg-07032cce3a92d339c) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group xenia (sg-031e19902e2a5afdf) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Production_instance (sg-0ced3f254ff2e2449) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-091c740915160e014) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-16c91a78) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-05eb10b1b7df8b201) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Scan (sg-094663576a916beb5) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group newdemo (sg-0cc85defb9824bf46) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group fugo office network (sg-05621c06837212db5) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Workspace (sg-08b7370c7d1c12ab6) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group RDP_NEW (sg-0b519b5e6321a2762) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-0b6ae40bc40a05870) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-1 (sg-04819898c1b060625) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group windows (sg-03cd1691502cec67e) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-055f2fcdabec8a369) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group test (sg-04025f2ff76e7bd88) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group PMS-app-server (sg-0c2892864e591824e) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group fugoservices-web (sg-0d900345b2583fc49) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-0a7e5947d6d3ab692) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group wazuh (sg-000e6b51a965ce764) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group BASION host (sg-04edb80657ca25b45) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-AD (sg-01063b292cec3ec8c) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-c9844db7) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-b52739cb) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-6cab7d09) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-c92874a2) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-31d72b79) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-4b2ddf2a) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-7aaf9417) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-f82f8285) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-050d9187f381d2f0b) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-7a00c82f) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group Test Instance (sg-0d3dc664f916e5beb) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-b78824d2) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-d876d4a6) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to port 3389. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_3389 Security group default (sg-e0eef6a5) has not Microsoft RDP port 3389 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-a7a8a2d7) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-0781bb66) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-3bd72a56) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-051bc89f00d84ba5d) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group newexample (sg-07032cce3a92d339c) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group xenia (sg-031e19902e2a5afdf) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Production_instance (sg-0ced3f254ff2e2449) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-091c740915160e014) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-16c91a78) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-05eb10b1b7df8b201) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Scan (sg-094663576a916beb5) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group newdemo (sg-0cc85defb9824bf46) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group fugo office network (sg-05621c06837212db5) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Workspace (sg-08b7370c7d1c12ab6) has Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group RDP_NEW (sg-0b519b5e6321a2762) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-0b6ae40bc40a05870) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-1 (sg-04819898c1b060625) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group windows (sg-03cd1691502cec67e) has Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-055f2fcdabec8a369) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group test (sg-04025f2ff76e7bd88) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group PMS-app-server (sg-0c2892864e591824e) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group fugoservices-web (sg-0d900345b2583fc49) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-0a7e5947d6d3ab692) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group wazuh (sg-000e6b51a965ce764) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group BASION host (sg-04edb80657ca25b45) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-AD (sg-01063b292cec3ec8c) has Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-c9844db7) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-b52739cb) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-6cab7d09) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-c92874a2) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-31d72b79) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-4b2ddf2a) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-7aaf9417) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-f82f8285) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-050d9187f381d2f0b) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-7a00c82f) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group Test Instance (sg-0d3dc664f916e5beb) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-b78824d2) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-d876d4a6) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Cassandra ports 7199 or 9160 or 8888. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_cassandra_7199_9160_8888 Security group default (sg-e0eef6a5) has not Casandra ports 7199, 8888 and 9160 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-a7a8a2d7) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-0781bb66) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-3bd72a56) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-051bc89f00d84ba5d) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group newexample (sg-07032cce3a92d339c) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group xenia (sg-031e19902e2a5afdf) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Production_instance (sg-0ced3f254ff2e2449) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-091c740915160e014) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-16c91a78) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-05eb10b1b7df8b201) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Scan (sg-094663576a916beb5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group newdemo (sg-0cc85defb9824bf46) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group fugo office network (sg-05621c06837212db5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Workspace (sg-08b7370c7d1c12ab6) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group RDP_NEW (sg-0b519b5e6321a2762) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-0b6ae40bc40a05870) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-1 (sg-04819898c1b060625) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group windows (sg-03cd1691502cec67e) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-055f2fcdabec8a369) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group test (sg-04025f2ff76e7bd88) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group PMS-app-server (sg-0c2892864e591824e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group fugoservices-web (sg-0d900345b2583fc49) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-0a7e5947d6d3ab692) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group wazuh (sg-000e6b51a965ce764) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group BASION host (sg-04edb80657ca25b45) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-AD (sg-01063b292cec3ec8c) has Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-c9844db7) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-b52739cb) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-6cab7d09) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-c92874a2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-31d72b79) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-4b2ddf2a) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-7aaf9417) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-f82f8285) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-050d9187f381d2f0b) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-7a00c82f) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group Test Instance (sg-0d3dc664f916e5beb) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-b78824d2) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-d876d4a6) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Elasticsearch/Kibana ports. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_elasticsearch_kibana_9200_9300_5601 Security group default (sg-e0eef6a5) has not Elasticsearch/Kibana ports 9200, 9300 and 5601 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-a7a8a2d7) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-0781bb66) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-3bd72a56) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-051bc89f00d84ba5d) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group newexample (sg-07032cce3a92d339c) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group xenia (sg-031e19902e2a5afdf) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Production_instance (sg-0ced3f254ff2e2449) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-091c740915160e014) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-16c91a78) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-05eb10b1b7df8b201) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Scan (sg-094663576a916beb5) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group newdemo (sg-0cc85defb9824bf46) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group fugo office network (sg-05621c06837212db5) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Workspace (sg-08b7370c7d1c12ab6) has Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group RDP_NEW (sg-0b519b5e6321a2762) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-0b6ae40bc40a05870) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-1 (sg-04819898c1b060625) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group windows (sg-03cd1691502cec67e) has Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-055f2fcdabec8a369) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group test (sg-04025f2ff76e7bd88) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group PMS-app-server (sg-0c2892864e591824e) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group fugoservices-web (sg-0d900345b2583fc49) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-0a7e5947d6d3ab692) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group wazuh (sg-000e6b51a965ce764) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group BASION host (sg-04edb80657ca25b45) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-AD (sg-01063b292cec3ec8c) has Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-c9844db7) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-b52739cb) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-6cab7d09) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-c92874a2) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-31d72b79) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-4b2ddf2a) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-7aaf9417) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-f82f8285) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-050d9187f381d2f0b) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-7a00c82f) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group Test Instance (sg-0d3dc664f916e5beb) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-b78824d2) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-d876d4a6) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_kafka_9092 Security group default (sg-e0eef6a5) has not Kafka port 9092 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-a7a8a2d7) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-0781bb66) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-3bd72a56) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-051bc89f00d84ba5d) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group newexample (sg-07032cce3a92d339c) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group xenia (sg-031e19902e2a5afdf) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Production_instance (sg-0ced3f254ff2e2449) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-091c740915160e014) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-16c91a78) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-05eb10b1b7df8b201) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Scan (sg-094663576a916beb5) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group newdemo (sg-0cc85defb9824bf46) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group fugo office network (sg-05621c06837212db5) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Workspace (sg-08b7370c7d1c12ab6) has Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group RDP_NEW (sg-0b519b5e6321a2762) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-0b6ae40bc40a05870) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-1 (sg-04819898c1b060625) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group windows (sg-03cd1691502cec67e) has Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-055f2fcdabec8a369) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group test (sg-04025f2ff76e7bd88) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group PMS-app-server (sg-0c2892864e591824e) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group fugoservices-web (sg-0d900345b2583fc49) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-0a7e5947d6d3ab692) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group wazuh (sg-000e6b51a965ce764) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group BASION host (sg-04edb80657ca25b45) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-AD (sg-01063b292cec3ec8c) has Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-c9844db7) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-b52739cb) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-6cab7d09) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-c92874a2) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-31d72b79) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-4b2ddf2a) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-7aaf9417) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-f82f8285) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-050d9187f381d2f0b) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-7a00c82f) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group Test Instance (sg-0d3dc664f916e5beb) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-b78824d2) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-d876d4a6) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Memcached port 11211. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_memcached_11211 Security group default (sg-e0eef6a5) has not Memcached port 11211 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-a7a8a2d7) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-0781bb66) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-3bd72a56) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-051bc89f00d84ba5d) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FLTITLE (sg-014e8daa4cc040ec3) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group newexample (sg-07032cce3a92d339c) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group xenia (sg-031e19902e2a5afdf) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Production_instance (sg-0ced3f254ff2e2449) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-091c740915160e014) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-3 (sg-09fc17deef2200543) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-16c91a78) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-05eb10b1b7df8b201) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Scan (sg-094663576a916beb5) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FLTITLE-db (sg-0cf58d958641ae531) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group test.fugoone (sg-04ffc3255e82b26a3) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group newdemo (sg-0cc85defb9824bf46) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group fugo office network (sg-05621c06837212db5) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Workspace (sg-08b7370c7d1c12ab6) has MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group RDP_NEW (sg-0b519b5e6321a2762) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-0b6ae40bc40a05870) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-1 (sg-04819898c1b060625) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group windows (sg-03cd1691502cec67e) has MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-055f2fcdabec8a369) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group test (sg-04025f2ff76e7bd88) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group PMS-app-server (sg-0c2892864e591824e) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group fugoservices-web (sg-0d900345b2583fc49) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-0a7e5947d6d3ab692) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group wazuh (sg-000e6b51a965ce764) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group BASION host (sg-04edb80657ca25b45) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-AD (sg-01063b292cec3ec8c) has MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-c9844db7) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-b52739cb) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-6cab7d09) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-c92874a2) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-31d72b79) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-4b2ddf2a) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-7aaf9417) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-f82f8285) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-050d9187f381d2f0b) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-7a00c82f) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group Test Instance (sg-0d3dc664f916e5beb) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-b78824d2) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-d876d4a6) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to MySQL port 3306. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_mysql_3306 Security group default (sg-e0eef6a5) has not MySQL port 3306 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-a7a8a2d7) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-0781bb66) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-3bd72a56) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-051bc89f00d84ba5d) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group newexample (sg-07032cce3a92d339c) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group xenia (sg-031e19902e2a5afdf) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Production_instance (sg-0ced3f254ff2e2449) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-091c740915160e014) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-16c91a78) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-05eb10b1b7df8b201) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Scan (sg-094663576a916beb5) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group newdemo (sg-0cc85defb9824bf46) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group fugo office network (sg-05621c06837212db5) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Workspace (sg-08b7370c7d1c12ab6) has Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group RDP_NEW (sg-0b519b5e6321a2762) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-0b6ae40bc40a05870) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-1 (sg-04819898c1b060625) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group windows (sg-03cd1691502cec67e) has Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-055f2fcdabec8a369) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group test (sg-04025f2ff76e7bd88) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group PMS-app-server (sg-0c2892864e591824e) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group fugoservices-web (sg-0d900345b2583fc49) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-0a7e5947d6d3ab692) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group wazuh (sg-000e6b51a965ce764) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group BASION host (sg-04edb80657ca25b45) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-AD (sg-01063b292cec3ec8c) has Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-c9844db7) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-b52739cb) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-6cab7d09) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-c92874a2) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-31d72b79) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-4b2ddf2a) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-7aaf9417) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-f82f8285) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-050d9187f381d2f0b) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-7a00c82f) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group Test Instance (sg-0d3dc664f916e5beb) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-b78824d2) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-d876d4a6) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Oracle ports 1521 or 2483. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_oracle_1521_2483 Security group default (sg-e0eef6a5) has not Oracle ports 1521 and 2483 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-a7a8a2d7) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-0781bb66) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-3bd72a56) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-051bc89f00d84ba5d) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group newexample (sg-07032cce3a92d339c) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group xenia (sg-031e19902e2a5afdf) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Production_instance (sg-0ced3f254ff2e2449) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-091c740915160e014) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-16c91a78) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-05eb10b1b7df8b201) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Scan (sg-094663576a916beb5) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group newdemo (sg-0cc85defb9824bf46) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group fugo office network (sg-05621c06837212db5) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Workspace (sg-08b7370c7d1c12ab6) has Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group RDP_NEW (sg-0b519b5e6321a2762) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-0b6ae40bc40a05870) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-1 (sg-04819898c1b060625) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group windows (sg-03cd1691502cec67e) has Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-055f2fcdabec8a369) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group test (sg-04025f2ff76e7bd88) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group PMS-app-server (sg-0c2892864e591824e) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group fugoservices-web (sg-0d900345b2583fc49) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-0a7e5947d6d3ab692) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group wazuh (sg-000e6b51a965ce764) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group BASION host (sg-04edb80657ca25b45) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-AD (sg-01063b292cec3ec8c) has Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-c9844db7) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-b52739cb) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-6cab7d09) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-c92874a2) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-31d72b79) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-4b2ddf2a) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-7aaf9417) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-f82f8285) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-050d9187f381d2f0b) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-7a00c82f) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group Test Instance (sg-0d3dc664f916e5beb) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-b78824d2) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-d876d4a6) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Postgres port 5432. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_postgres_5432 Security group default (sg-e0eef6a5) has not Postgres port 5432 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-a7a8a2d7) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-0781bb66) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-3bd72a56) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-051bc89f00d84ba5d) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group newexample (sg-07032cce3a92d339c) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group xenia (sg-031e19902e2a5afdf) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Production_instance (sg-0ced3f254ff2e2449) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-091c740915160e014) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-16c91a78) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-05eb10b1b7df8b201) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Scan (sg-094663576a916beb5) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group newdemo (sg-0cc85defb9824bf46) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group fugo office network (sg-05621c06837212db5) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Workspace (sg-08b7370c7d1c12ab6) has Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group RDP_NEW (sg-0b519b5e6321a2762) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-0b6ae40bc40a05870) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-1 (sg-04819898c1b060625) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group windows (sg-03cd1691502cec67e) has Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-055f2fcdabec8a369) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group test (sg-04025f2ff76e7bd88) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group PMS-app-server (sg-0c2892864e591824e) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group fugoservices-web (sg-0d900345b2583fc49) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-0a7e5947d6d3ab692) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group wazuh (sg-000e6b51a965ce764) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group BASION host (sg-04edb80657ca25b45) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-AD (sg-01063b292cec3ec8c) has Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-c9844db7) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-b52739cb) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-6cab7d09) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-c92874a2) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-31d72b79) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-4b2ddf2a) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-7aaf9417) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-f82f8285) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-050d9187f381d2f0b) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-7a00c82f) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group Test Instance (sg-0d3dc664f916e5beb) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-b78824d2) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-d876d4a6) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Redis port 6379. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_redis_6379 Security group default (sg-e0eef6a5) has not Redis port 6379 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-a7a8a2d7) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-0781bb66) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-3bd72a56) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-051bc89f00d84ba5d) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group newexample (sg-07032cce3a92d339c) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group xenia (sg-031e19902e2a5afdf) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Production_instance (sg-0ced3f254ff2e2449) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-091c740915160e014) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-16c91a78) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-05eb10b1b7df8b201) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Scan (sg-094663576a916beb5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group newdemo (sg-0cc85defb9824bf46) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group fugo office network (sg-05621c06837212db5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Workspace (sg-08b7370c7d1c12ab6) has Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group RDP_NEW (sg-0b519b5e6321a2762) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-0b6ae40bc40a05870) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-1 (sg-04819898c1b060625) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group windows (sg-03cd1691502cec67e) has Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-055f2fcdabec8a369) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group test (sg-04025f2ff76e7bd88) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group PMS-app-server (sg-0c2892864e591824e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group fugoservices-web (sg-0d900345b2583fc49) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-0a7e5947d6d3ab692) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group wazuh (sg-000e6b51a965ce764) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group BASION host (sg-04edb80657ca25b45) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-AD (sg-01063b292cec3ec8c) has Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-c9844db7) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-b52739cb) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-6cab7d09) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-c92874a2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-31d72b79) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-4b2ddf2a) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-7aaf9417) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-f82f8285) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-050d9187f381d2f0b) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-7a00c82f) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group Test Instance (sg-0d3dc664f916e5beb) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-b78824d2) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-d876d4a6) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Windows SQL Server ports 1433 or 1434. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_sql_server_1433_1434 Security group default (sg-e0eef6a5) has not Microsoft SQL Server ports 1433 and 1434 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-a7a8a2d7) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-0781bb66) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-3bd72a56) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-051bc89f00d84ba5d) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FLTITLE (sg-014e8daa4cc040ec3) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group production_instance_24hr (sg-05c4e006af9e88dce) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group poc-new-dr-SG (sg-00d80536c6f581309) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group newexample (sg-07032cce3a92d339c) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group xenia (sg-031e19902e2a5afdf) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-8 (sg-0d37f630587326b7e) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group new-rdp-pub (sg-0a229ea3e85856a09) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Production_instance (sg-0ced3f254ff2e2449) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-091c740915160e014) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-3 (sg-09fc17deef2200543) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-16c91a78) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group snatpshot_test (sg-0bd7e423fac41eca5) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-05eb10b1b7df8b201) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Scan (sg-094663576a916beb5) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FLTITLE-db (sg-0cf58d958641ae531) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group test.fugo.ELB (sg-07ca5965527721e2b) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group test.fugoone (sg-04ffc3255e82b26a3) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group newdemo (sg-0cc85defb9824bf46) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group fugo office network (sg-05621c06837212db5) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Workspace (sg-08b7370c7d1c12ab6) has Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group RDP_NEW (sg-0b519b5e6321a2762) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-0b6ae40bc40a05870) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-1 (sg-04819898c1b060625) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group windows (sg-03cd1691502cec67e) has Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-055f2fcdabec8a369) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group test (sg-04025f2ff76e7bd88) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group monitoring-sg (sg-0129ef8098ddb64c3) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group PMS-app-server (sg-0c2892864e591824e) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group fugoservices-web (sg-0d900345b2583fc49) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-0a7e5947d6d3ab692) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group wazuh (sg-000e6b51a965ce764) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group knowfugo (sg-007e9f3f5e6a7dda2) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Audit-Bastion (sg-0f8abce01b2b398db) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group BASION host (sg-04edb80657ca25b45) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group api.fugoone.com (sg-01ddee8f2302669c3) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-AD (sg-01063b292cec3ec8c) has Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group New_example_fugoone (sg-0e1e536387953fb6b) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-c9844db7) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-b52739cb) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-6cab7d09) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-c92874a2) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-31d72b79) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-4b2ddf2a) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-7aaf9417) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-f82f8285) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-050d9187f381d2f0b) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-7a00c82f) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group Test Instance (sg-0d3dc664f916e5beb) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-b78824d2) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-d876d4a6) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Telnet port 23. ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_telnet_23 Security group default (sg-e0eef6a5) has not Telnet port 23 open to the Internet.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-a7a8a2d7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-a7a8a2d7) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0781bb66 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-0781bb66) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-3bd72a56 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-3bd72a56) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-051bc89f00d84ba5d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-051bc89f00d84ba5d) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-014e8daa4cc040ec3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FLTITLE (sg-014e8daa4cc040ec3) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-05c4e006af9e88dce Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group production_instance_24hr (sg-05c4e006af9e88dce) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-090b4a2a1c5868d3f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-00d80536c6f581309 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group poc-new-dr-SG (sg-00d80536c6f581309) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-06bd3c482cfc57740 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-10 (sg-06bd3c482cfc57740) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cef5febe99cb6c57 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0e3c03071ed78ed08 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07032cce3a92d339c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group newexample (sg-07032cce3a92d339c) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-03e9695ce5a0004e3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-01ce2418c7b289616 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-048665d6d0c5ddade Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-12 (sg-048665d6d0c5ddade) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-031e19902e2a5afdf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group xenia (sg-031e19902e2a5afdf) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-09fe68ed6b5fb3364 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07fe7a4a585a27114 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0d37f630587326b7e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-8 (sg-0d37f630587326b7e) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-026aafec6fadbd8c1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07a7e54c93da1b0bb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0aeb794463e80d4fb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a229ea3e85856a09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group new-rdp-pub (sg-0a229ea3e85856a09) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-008d5e1c2f6c94baa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07cb54f5346101b04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08d49b3fee5eae78f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0ced3f254ff2e2449 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Production_instance (sg-0ced3f254ff2e2449) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0af3d8b5b8bc880fa Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a9daa8c4e10538d0 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0772c4ae4f2152412 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-9 (sg-0772c4ae4f2152412) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-091c740915160e014 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-091c740915160e014) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cda5846e51d75406 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04b71d8fe6f61ac09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08a830f3818df22d8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-09fc17deef2200543 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-3 (sg-09fc17deef2200543) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0474afad1cede51c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-16c91a78 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-16c91a78) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-03dda95217bd722cf Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b36e9776f84be1b8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0bd7e423fac41eca5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group snatpshot_test (sg-0bd7e423fac41eca5) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-05eb10b1b7df8b201 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-05eb10b1b7df8b201) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-094663576a916beb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Scan (sg-094663576a916beb5) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cf58d958641ae531 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FLTITLE-db (sg-0cf58d958641ae531) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07ca5965527721e2b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group test.fugo.ELB (sg-07ca5965527721e2b) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04ffc3255e82b26a3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group test.fugoone (sg-04ffc3255e82b26a3) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cc85defb9824bf46 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group newdemo (sg-0cc85defb9824bf46) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a5358451ab8eb31f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-05621c06837212db5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group fugo office network (sg-05621c06837212db5) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08b7370c7d1c12ab6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Workspace (sg-08b7370c7d1c12ab6) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b6c9695323ec455c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0d60b8f6ae7a1dc83 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b519b5e6321a2762 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group RDP_NEW (sg-0b519b5e6321a2762) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b6ae40bc40a05870 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-0b6ae40bc40a05870) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-07134278bb62c54e5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group tittle.fugoone.com (sg-07134278bb62c54e5) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04819898c1b060625 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-1 (sg-04819898c1b060625) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04e2e7f5507ea7337 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-05f377a970051f352 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0e4aa2f9d569fca18 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-03cd1691502cec67e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group windows (sg-03cd1691502cec67e) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0cae57cb9099fc6de Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0dccfce9d4a0c9e60 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b491bea1db5b5666 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Windows_Mig_test (sg-0b491bea1db5b5666) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0ee48f91f8164b5d9 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0209ccd9248b69ece Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-055f2fcdabec8a369 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-055f2fcdabec8a369) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-076ae3302eae38eae Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04025f2ff76e7bd88 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group test (sg-04025f2ff76e7bd88) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0129ef8098ddb64c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group monitoring-sg (sg-0129ef8098ddb64c3) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0eadf6ec31f93bb8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0491433bb7e2de88d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0c2892864e591824e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group PMS-app-server (sg-0c2892864e591824e) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-06c3a17fe51c9de61 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0fdf571c639c4ea8f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0ac53cbf0ab180e84 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-054a81357c28e6fb5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0d900345b2583fc49 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group fugoservices-web (sg-0d900345b2583fc49) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-039c5bcf6bdfe954d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a7e5947d6d3ab692 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-0a7e5947d6d3ab692) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-000e6b51a965ce764 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group wazuh (sg-000e6b51a965ce764) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-02aac871f20a48d69 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0299cd0cdfa6599bc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group knowfugo-database (sg-0299cd0cdfa6599bc) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b5898998ef0f0040 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0f1b0a1ae6ee72a6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0682fefbab8f20c19 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-03f8863db5b89f3cc Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0b599093e3e3c4c6e Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-007e9f3f5e6a7dda2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group knowfugo (sg-007e9f3f5e6a7dda2) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0937aff6d72c24a45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group stagng_knowfugo (sg-0937aff6d72c24a45) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08121f893f2d89138 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-048bccd7d49e2c556 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0325f3fdbd7f4ae04 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Demo-audit (sg-0325f3fdbd7f4ae04) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0f8abce01b2b398db Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Audit-Bastion (sg-0f8abce01b2b398db) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0f05243b7bf9d3257 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-04edb80657ca25b45 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group BASION host (sg-04edb80657ca25b45) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-01ddee8f2302669c3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group api.fugoone.com (sg-01ddee8f2302669c3) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-01d6b0b12ee726a22 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group audit-demo-lb (sg-01d6b0b12ee726a22) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-01063b292cec3ec8c Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-AD (sg-01063b292cec3ec8c) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0e1e536387953fb6b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group New_example_fugoone (sg-0e1e536387953fb6b) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-044d5380ff0b25acd Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0a2c2913bff2400c2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group KNOW-ELB (sg-0a2c2913bff2400c2) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0532d1ee42b3f4636 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group test-fugoone-db (sg-0532d1ee42b3f4636) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0f44652776af161f8 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group demo-audit-rds-sg (sg-0f44652776af161f8) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0c2a1b648c8879fe5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-08c854f0f6d88954f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-031db14f807d2b614 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0ebcd60f472f0e59d Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-c9844db7 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-c9844db7) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-b52739cb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-b52739cb) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-6cab7d09 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-6cab7d09) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-c92874a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-c92874a2) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-31d72b79 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-31d72b79) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-4b2ddf2a Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-4b2ddf2a) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-7aaf9417 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-7aaf9417) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-f82f8285 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-f82f8285) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0236a454c87e868a2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group d-906769962c_controllers (sg-0236a454c87e868a2) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-050d9187f381d2f0b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-050d9187f381d2f0b) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-7a00c82f Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-7a00c82f) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0bde47bb7dcbff977 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0d3dc664f916e5beb Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group Test Instance (sg-0d3dc664f916e5beb) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-00e8dbdcd832c0963 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-b78824d2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-b78824d2) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-06bcee4d6827a114b Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-1 (sg-06bcee4d6827a114b) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-d876d4a6 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-d876d4a6) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-0e76f8d7e9c5345df Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. sg-e0eef6a5 Ensure no security groups allow ingress from 0.0.0.0/0 or ::/0 to Kafka port 9092. ec2_securitygroup_allow_wide_open_public_ipv4 Security group default (sg-e0eef6a5) has no potential wide-open non-RFC1918 address.

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-1 Ensure the default security group of every VPC restricts all traffic. sg-a7a8a2d7 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-a7a8a2d7) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-northeast-2 Ensure the default security group of every VPC restricts all traffic. sg-0781bb66 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-0781bb66) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-northeast-3 Ensure the default security group of every VPC restricts all traffic. sg-3bd72a56 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-3bd72a56) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-south-1 Ensure the default security group of every VPC restricts all traffic. sg-051bc89f00d84ba5d Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-051bc89f00d84ba5d) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-south-1 Ensure the default security group of every VPC restricts all traffic. sg-091c740915160e014 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-091c740915160e014) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-south-1 Ensure the default security group of every VPC restricts all traffic. sg-16c91a78 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-16c91a78) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-south-1 Ensure the default security group of every VPC restricts all traffic. sg-05eb10b1b7df8b201 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-05eb10b1b7df8b201) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-south-1 Ensure the default security group of every VPC restricts all traffic. sg-0b6ae40bc40a05870 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-0b6ae40bc40a05870) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-south-1 Ensure the default security group of every VPC restricts all traffic. sg-055f2fcdabec8a369 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-055f2fcdabec8a369) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

FAIL high ec2 ap-south-1 Ensure the default security group of every VPC restricts all traffic. sg-0a7e5947d6d3ab692 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-0a7e5947d6d3ab692) is open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-southeast-1 Ensure the default security group of every VPC restricts all traffic. sg-c9844db7 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-c9844db7) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 ap-southeast-2 Ensure the default security group of every VPC restricts all traffic. sg-b52739cb Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-b52739cb) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 eu-central-1 Ensure the default security group of every VPC restricts all traffic. sg-6cab7d09 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-6cab7d09) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 eu-north-1 Ensure the default security group of every VPC restricts all traffic. sg-c92874a2 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-c92874a2) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 eu-west-1 Ensure the default security group of every VPC restricts all traffic. sg-31d72b79 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-31d72b79) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 eu-west-2 Ensure the default security group of every VPC restricts all traffic. sg-4b2ddf2a Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-4b2ddf2a) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 eu-west-3 Ensure the default security group of every VPC restricts all traffic. sg-7aaf9417 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-7aaf9417) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 sa-east-1 Ensure the default security group of every VPC restricts all traffic. sg-f82f8285 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-f82f8285) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 us-east-1 Ensure the default security group of every VPC restricts all traffic. sg-050d9187f381d2f0b Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-050d9187f381d2f0b) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 us-east-1 Ensure the default security group of every VPC restricts all traffic. sg-7a00c82f Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-7a00c82f) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 us-east-2 Ensure the default security group of every VPC restricts all traffic. sg-b78824d2 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-b78824d2) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 us-west-1 Ensure the default security group of every VPC restricts all traffic. sg-d876d4a6 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-d876d4a6) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS high ec2 us-west-2 Ensure the default security group of every VPC restricts all traffic. sg-e0eef6a5 Ensure the default security group of every VPC restricts all traffic. ec2_securitygroup_default_restrict_traffic Default Security Group (sg-e0eef6a5) is not open to the Internet.

Even having a perimeter firewall, having security groups open allows any user or malware with vpc access to scan for well known and sensitive ports and gain access to instance.

Apply Zero Trust approach. Implement a process to scan and remediate unrestricted or overly permissive security groups. Recommended best practices is to narrow the definition for the minimum ports required.

PASS medium ec2 ap-northeast-1 Security Groups created by EC2 Launch Wizard. sg-a7a8a2d7 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-a7a8a2d7) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-northeast-2 Security Groups created by EC2 Launch Wizard. sg-0781bb66 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-0781bb66) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-northeast-3 Security Groups created by EC2 Launch Wizard. sg-3bd72a56 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-3bd72a56) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-051bc89f00d84ba5d Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-051bc89f00d84ba5d) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-014e8daa4cc040ec3 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FLTITLE (sg-014e8daa4cc040ec3) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-05c4e006af9e88dce Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group production_instance_24hr (sg-05c4e006af9e88dce) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-090b4a2a1c5868d3f Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-00d80536c6f581309 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group poc-new-dr-SG (sg-00d80536c6f581309) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-06bd3c482cfc57740 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-10 (sg-06bd3c482cfc57740) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0cef5febe99cb6c57 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-2 (sg-0cef5febe99cb6c57) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0e3c03071ed78ed08 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-7 (sg-0e3c03071ed78ed08) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-07032cce3a92d339c Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group newexample (sg-07032cce3a92d339c) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-03e9695ce5a0004e3 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-01ce2418c7b289616 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-048665d6d0c5ddade Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-12 (sg-048665d6d0c5ddade) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-031e19902e2a5afdf Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group xenia (sg-031e19902e2a5afdf) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-09fe68ed6b5fb3364 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-07fe7a4a585a27114 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0d37f630587326b7e Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-8 (sg-0d37f630587326b7e) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-026aafec6fadbd8c1 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-6 (sg-026aafec6fadbd8c1) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-07a7e54c93da1b0bb Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0aeb794463e80d4fb Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0a229ea3e85856a09 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group new-rdp-pub (sg-0a229ea3e85856a09) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-008d5e1c2f6c94baa Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-07cb54f5346101b04 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-08d49b3fee5eae78f Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0ced3f254ff2e2449 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Production_instance (sg-0ced3f254ff2e2449) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0af3d8b5b8bc880fa Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0a9daa8c4e10538d0 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0772c4ae4f2152412 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-9 (sg-0772c4ae4f2152412) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-091c740915160e014 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-091c740915160e014) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0cda5846e51d75406 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Test Ubuntu Instance (sg-0cda5846e51d75406) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-04b71d8fe6f61ac09 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-08a830f3818df22d8 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-09fc17deef2200543 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-3 (sg-09fc17deef2200543) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0474afad1cede51c3 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-16c91a78 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-16c91a78) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-03dda95217bd722cf Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0b36e9776f84be1b8 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0bd7e423fac41eca5 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group snatpshot_test (sg-0bd7e423fac41eca5) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-05eb10b1b7df8b201 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-05eb10b1b7df8b201) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-094663576a916beb5 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Scan (sg-094663576a916beb5) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0cf58d958641ae531 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FLTITLE-db (sg-0cf58d958641ae531) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-07ca5965527721e2b Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group test.fugo.ELB (sg-07ca5965527721e2b) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-04ffc3255e82b26a3 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group test.fugoone (sg-04ffc3255e82b26a3) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0cc85defb9824bf46 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group newdemo (sg-0cc85defb9824bf46) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0a5358451ab8eb31f Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-05621c06837212db5 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group fugo office network (sg-05621c06837212db5) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-08b7370c7d1c12ab6 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Workspace (sg-08b7370c7d1c12ab6) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0b6c9695323ec455c Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0d60b8f6ae7a1dc83 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0b519b5e6321a2762 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group RDP_NEW (sg-0b519b5e6321a2762) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0b6ae40bc40a05870 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-0b6ae40bc40a05870) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-07134278bb62c54e5 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group tittle.fugoone.com (sg-07134278bb62c54e5) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-04819898c1b060625 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-1 (sg-04819898c1b060625) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-04e2e7f5507ea7337 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-4 (sg-04e2e7f5507ea7337) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-05f377a970051f352 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0e4aa2f9d569fca18 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-03cd1691502cec67e Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group windows (sg-03cd1691502cec67e) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0cae57cb9099fc6de Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0dccfce9d4a0c9e60 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO SALES (sg-0dccfce9d4a0c9e60) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0b491bea1db5b5666 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Windows_Mig_test (sg-0b491bea1db5b5666) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0ee48f91f8164b5d9 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group knowfugo-LB (sg-0ee48f91f8164b5d9) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0209ccd9248b69ece Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-Production-DB (sg-0209ccd9248b69ece) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-055f2fcdabec8a369 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-055f2fcdabec8a369) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-076ae3302eae38eae Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-04025f2ff76e7bd88 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group test (sg-04025f2ff76e7bd88) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0129ef8098ddb64c3 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group monitoring-sg (sg-0129ef8098ddb64c3) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0eadf6ec31f93bb8f Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0491433bb7e2de88d Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0c2892864e591824e Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group PMS-app-server (sg-0c2892864e591824e) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-06c3a17fe51c9de61 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0fdf571c639c4ea8f Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0ac53cbf0ab180e84 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-054a81357c28e6fb5 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-staging-SG (sg-054a81357c28e6fb5) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0d900345b2583fc49 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group fugoservices-web (sg-0d900345b2583fc49) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-039c5bcf6bdfe954d Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0a7e5947d6d3ab692 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-0a7e5947d6d3ab692) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-000e6b51a965ce764 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group wazuh (sg-000e6b51a965ce764) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-02aac871f20a48d69 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0299cd0cdfa6599bc Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group knowfugo-database (sg-0299cd0cdfa6599bc) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0b5898998ef0f0040 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0f1b0a1ae6ee72a6e Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0682fefbab8f20c19 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group newexamplefugoonecome (sg-0682fefbab8f20c19) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-03f8863db5b89f3cc Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0b599093e3e3c4c6e Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-007e9f3f5e6a7dda2 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group knowfugo (sg-007e9f3f5e6a7dda2) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0937aff6d72c24a45 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group stagng_knowfugo (sg-0937aff6d72c24a45) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-08121f893f2d89138 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-048bccd7d49e2c556 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0325f3fdbd7f4ae04 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Demo-audit (sg-0325f3fdbd7f4ae04) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0f8abce01b2b398db Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Audit-Bastion (sg-0f8abce01b2b398db) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0f05243b7bf9d3257 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FLTITLE-1 (sg-0f05243b7bf9d3257) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-04edb80657ca25b45 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group BASION host (sg-04edb80657ca25b45) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-01ddee8f2302669c3 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group api.fugoone.com (sg-01ddee8f2302669c3) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-01d6b0b12ee726a22 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group audit-demo-lb (sg-01d6b0b12ee726a22) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-01063b292cec3ec8c Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-AD (sg-01063b292cec3ec8c) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0e1e536387953fb6b Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group New_example_fugoone (sg-0e1e536387953fb6b) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-044d5380ff0b25acd Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group WFGBlocks_SG (sg-044d5380ff0b25acd) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0a2c2913bff2400c2 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group KNOW-ELB (sg-0a2c2913bff2400c2) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0532d1ee42b3f4636 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group test-fugoone-db (sg-0532d1ee42b3f4636) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0f44652776af161f8 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group demo-audit-rds-sg (sg-0f44652776af161f8) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0c2a1b648c8879fe5 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-08c854f0f6d88954f Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-031db14f807d2b614 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group FUGO-Production-APP-server (sg-031db14f807d2b614) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-south-1 Security Groups created by EC2 Launch Wizard. sg-0ebcd60f472f0e59d Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-southeast-1 Security Groups created by EC2 Launch Wizard. sg-c9844db7 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-c9844db7) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 ap-southeast-2 Security Groups created by EC2 Launch Wizard. sg-b52739cb Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-b52739cb) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 eu-central-1 Security Groups created by EC2 Launch Wizard. sg-6cab7d09 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-6cab7d09) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 eu-north-1 Security Groups created by EC2 Launch Wizard. sg-c92874a2 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-c92874a2) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 eu-west-1 Security Groups created by EC2 Launch Wizard. sg-31d72b79 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-31d72b79) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 eu-west-2 Security Groups created by EC2 Launch Wizard. sg-4b2ddf2a Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-4b2ddf2a) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 eu-west-3 Security Groups created by EC2 Launch Wizard. sg-7aaf9417 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-7aaf9417) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 sa-east-1 Security Groups created by EC2 Launch Wizard. sg-f82f8285 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-f82f8285) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 us-east-1 Security Groups created by EC2 Launch Wizard. sg-0236a454c87e868a2 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group d-906769962c_controllers (sg-0236a454c87e868a2) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 us-east-1 Security Groups created by EC2 Launch Wizard. sg-050d9187f381d2f0b Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-050d9187f381d2f0b) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 us-east-1 Security Groups created by EC2 Launch Wizard. sg-7a00c82f Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-7a00c82f) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 us-east-1 Security Groups created by EC2 Launch Wizard. sg-0bde47bb7dcbff977 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 us-east-1 Security Groups created by EC2 Launch Wizard. sg-0d3dc664f916e5beb Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group Test Instance (sg-0d3dc664f916e5beb) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 us-east-2 Security Groups created by EC2 Launch Wizard. sg-00e8dbdcd832c0963 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-1 (sg-00e8dbdcd832c0963) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 us-east-2 Security Groups created by EC2 Launch Wizard. sg-b78824d2 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-b78824d2) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 us-west-1 Security Groups created by EC2 Launch Wizard. sg-06bcee4d6827a114b Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-1 (sg-06bcee4d6827a114b) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 us-west-1 Security Groups created by EC2 Launch Wizard. sg-d876d4a6 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-d876d4a6) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

FAIL medium ec2 us-west-2 Security Groups created by EC2 Launch Wizard. sg-0e76f8d7e9c5345df Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) was created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS medium ec2 us-west-2 Security Groups created by EC2 Launch Wizard. sg-e0eef6a5 Security Groups created by EC2 Launch Wizard. ec2_securitygroup_from_launch_wizard Security group default (sg-e0eef6a5) was not created using the EC2 Launch Wizard.

Security Groups Created on the AWS Console using the EC2 wizard may allow port 22 from 0.0.0.0/0.

Apply Zero Trust approach. Implement a process to scan and remediate security groups created by the EC2 Wizard. Recommended best practices is to use an authorized security group.

PASS high ec2 ap-northeast-1 Ensure there are no Security Groups without ingress filtering being used. sg-a7a8a2d7 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-a7a8a2d7) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-northeast-2 Ensure there are no Security Groups without ingress filtering being used. sg-0781bb66 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-0781bb66) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-northeast-3 Ensure there are no Security Groups without ingress filtering being used. sg-3bd72a56 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-3bd72a56) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-051bc89f00d84ba5d Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-051bc89f00d84ba5d) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-014e8daa4cc040ec3 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FLTITLE (sg-014e8daa4cc040ec3) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-05c4e006af9e88dce Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group production_instance_24hr (sg-05c4e006af9e88dce) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-090b4a2a1c5868d3f Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-00d80536c6f581309 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group poc-new-dr-SG (sg-00d80536c6f581309) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-06bd3c482cfc57740 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-10 (sg-06bd3c482cfc57740) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0cef5febe99cb6c57 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0e3c03071ed78ed08 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-07032cce3a92d339c Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group newexample (sg-07032cce3a92d339c) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-03e9695ce5a0004e3 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-01ce2418c7b289616 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-048665d6d0c5ddade Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-12 (sg-048665d6d0c5ddade) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-031e19902e2a5afdf Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group xenia (sg-031e19902e2a5afdf) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-09fe68ed6b5fb3364 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-07fe7a4a585a27114 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0d37f630587326b7e Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-8 (sg-0d37f630587326b7e) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-026aafec6fadbd8c1 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-07a7e54c93da1b0bb Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0aeb794463e80d4fb Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0a229ea3e85856a09 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group new-rdp-pub (sg-0a229ea3e85856a09) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-008d5e1c2f6c94baa Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-07cb54f5346101b04 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-08d49b3fee5eae78f Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0ced3f254ff2e2449 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Production_instance (sg-0ced3f254ff2e2449) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0af3d8b5b8bc880fa Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0a9daa8c4e10538d0 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0772c4ae4f2152412 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-9 (sg-0772c4ae4f2152412) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-091c740915160e014 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-091c740915160e014) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0cda5846e51d75406 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-04b71d8fe6f61ac09 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-08a830f3818df22d8 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-09fc17deef2200543 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-3 (sg-09fc17deef2200543) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0474afad1cede51c3 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-16c91a78 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-16c91a78) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-03dda95217bd722cf Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0b36e9776f84be1b8 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0bd7e423fac41eca5 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group snatpshot_test (sg-0bd7e423fac41eca5) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-05eb10b1b7df8b201 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-05eb10b1b7df8b201) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-094663576a916beb5 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Scan (sg-094663576a916beb5) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0cf58d958641ae531 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FLTITLE-db (sg-0cf58d958641ae531) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-07ca5965527721e2b Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group test.fugo.ELB (sg-07ca5965527721e2b) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-04ffc3255e82b26a3 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group test.fugoone (sg-04ffc3255e82b26a3) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0cc85defb9824bf46 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group newdemo (sg-0cc85defb9824bf46) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0a5358451ab8eb31f Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-05621c06837212db5 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group fugo office network (sg-05621c06837212db5) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-08b7370c7d1c12ab6 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Workspace (sg-08b7370c7d1c12ab6) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0b6c9695323ec455c Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0d60b8f6ae7a1dc83 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0b519b5e6321a2762 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group RDP_NEW (sg-0b519b5e6321a2762) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0b6ae40bc40a05870 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-0b6ae40bc40a05870) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-07134278bb62c54e5 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group tittle.fugoone.com (sg-07134278bb62c54e5) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-04819898c1b060625 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-1 (sg-04819898c1b060625) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-04e2e7f5507ea7337 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-05f377a970051f352 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0e4aa2f9d569fca18 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-03cd1691502cec67e Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group windows (sg-03cd1691502cec67e) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0cae57cb9099fc6de Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0dccfce9d4a0c9e60 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0b491bea1db5b5666 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Windows_Mig_test (sg-0b491bea1db5b5666) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0ee48f91f8164b5d9 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0209ccd9248b69ece Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-055f2fcdabec8a369 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-055f2fcdabec8a369) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-076ae3302eae38eae Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-04025f2ff76e7bd88 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group test (sg-04025f2ff76e7bd88) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0129ef8098ddb64c3 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group monitoring-sg (sg-0129ef8098ddb64c3) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0eadf6ec31f93bb8f Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0491433bb7e2de88d Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0c2892864e591824e Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group PMS-app-server (sg-0c2892864e591824e) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-06c3a17fe51c9de61 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0fdf571c639c4ea8f Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0ac53cbf0ab180e84 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-054a81357c28e6fb5 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0d900345b2583fc49 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group fugoservices-web (sg-0d900345b2583fc49) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-039c5bcf6bdfe954d Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0a7e5947d6d3ab692 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-0a7e5947d6d3ab692) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-000e6b51a965ce764 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group wazuh (sg-000e6b51a965ce764) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-02aac871f20a48d69 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0299cd0cdfa6599bc Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group knowfugo-database (sg-0299cd0cdfa6599bc) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0b5898998ef0f0040 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0f1b0a1ae6ee72a6e Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0682fefbab8f20c19 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-03f8863db5b89f3cc Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0b599093e3e3c4c6e Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-007e9f3f5e6a7dda2 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group knowfugo (sg-007e9f3f5e6a7dda2) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0937aff6d72c24a45 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group stagng_knowfugo (sg-0937aff6d72c24a45) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-08121f893f2d89138 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-048bccd7d49e2c556 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0325f3fdbd7f4ae04 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Demo-audit (sg-0325f3fdbd7f4ae04) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0f8abce01b2b398db Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Audit-Bastion (sg-0f8abce01b2b398db) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0f05243b7bf9d3257 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-04edb80657ca25b45 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group BASION host (sg-04edb80657ca25b45) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-01ddee8f2302669c3 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group api.fugoone.com (sg-01ddee8f2302669c3) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-01d6b0b12ee726a22 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group audit-demo-lb (sg-01d6b0b12ee726a22) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-01063b292cec3ec8c Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-AD (sg-01063b292cec3ec8c) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0e1e536387953fb6b Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group New_example_fugoone (sg-0e1e536387953fb6b) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-044d5380ff0b25acd Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0a2c2913bff2400c2 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group KNOW-ELB (sg-0a2c2913bff2400c2) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0532d1ee42b3f4636 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group test-fugoone-db (sg-0532d1ee42b3f4636) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0f44652776af161f8 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group demo-audit-rds-sg (sg-0f44652776af161f8) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0c2a1b648c8879fe5 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-08c854f0f6d88954f Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-031db14f807d2b614 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 ap-south-1 Ensure there are no Security Groups without ingress filtering being used. sg-0ebcd60f472f0e59d Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-southeast-1 Ensure there are no Security Groups without ingress filtering being used. sg-c9844db7 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-c9844db7) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 ap-southeast-2 Ensure there are no Security Groups without ingress filtering being used. sg-b52739cb Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-b52739cb) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 eu-central-1 Ensure there are no Security Groups without ingress filtering being used. sg-6cab7d09 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-6cab7d09) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 eu-north-1 Ensure there are no Security Groups without ingress filtering being used. sg-c92874a2 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-c92874a2) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 eu-west-1 Ensure there are no Security Groups without ingress filtering being used. sg-31d72b79 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-31d72b79) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 eu-west-2 Ensure there are no Security Groups without ingress filtering being used. sg-4b2ddf2a Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-4b2ddf2a) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 eu-west-3 Ensure there are no Security Groups without ingress filtering being used. sg-7aaf9417 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-7aaf9417) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 sa-east-1 Ensure there are no Security Groups without ingress filtering being used. sg-f82f8285 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-f82f8285) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 us-east-1 Ensure there are no Security Groups without ingress filtering being used. sg-0236a454c87e868a2 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group d-906769962c_controllers (sg-0236a454c87e868a2) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 us-east-1 Ensure there are no Security Groups without ingress filtering being used. sg-050d9187f381d2f0b Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-050d9187f381d2f0b) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 us-east-1 Ensure there are no Security Groups without ingress filtering being used. sg-7a00c82f Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-7a00c82f) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 us-east-1 Ensure there are no Security Groups without ingress filtering being used. sg-0bde47bb7dcbff977 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has no ingress filtering and it is being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 us-east-1 Ensure there are no Security Groups without ingress filtering being used. sg-0d3dc664f916e5beb Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group Test Instance (sg-0d3dc664f916e5beb) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 us-east-2 Ensure there are no Security Groups without ingress filtering being used. sg-00e8dbdcd832c0963 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 us-east-2 Ensure there are no Security Groups without ingress filtering being used. sg-b78824d2 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-b78824d2) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 us-west-1 Ensure there are no Security Groups without ingress filtering being used. sg-06bcee4d6827a114b Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-1 (sg-06bcee4d6827a114b) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 us-west-1 Ensure there are no Security Groups without ingress filtering being used. sg-d876d4a6 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-d876d4a6) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL high ec2 us-west-2 Ensure there are no Security Groups without ingress filtering being used. sg-0e76f8d7e9c5345df Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has no ingress filtering and it is not being used.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

PASS high ec2 us-west-2 Ensure there are no Security Groups without ingress filtering being used. sg-e0eef6a5 Ensure there are no Security Groups without ingress filtering being used. ec2_securitygroup_in_use_without_ingress_filtering Security group default (sg-e0eef6a5) has ingress filtering.

If Security groups are not filtering traffic appropriately the attack surface is increased.

You can grant access to a specific CIDR range or to another security group in your VPC or in a peer VPC.

FAIL low ec2 ap-northeast-1 Ensure there are no Security Groups not being used. sg-a7a8a2d7 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-a7a8a2d7) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-northeast-2 Ensure there are no Security Groups not being used. sg-0781bb66 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-0781bb66) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-northeast-3 Ensure there are no Security Groups not being used. sg-3bd72a56 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-3bd72a56) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-051bc89f00d84ba5d Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-051bc89f00d84ba5d) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-014e8daa4cc040ec3 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FLTITLE (sg-014e8daa4cc040ec3) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-05c4e006af9e88dce Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group production_instance_24hr (sg-05c4e006af9e88dce) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-090b4a2a1c5868d3f Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-00d80536c6f581309 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group poc-new-dr-SG (sg-00d80536c6f581309) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-06bd3c482cfc57740 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-10 (sg-06bd3c482cfc57740) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0cef5febe99cb6c57 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-2 (sg-0cef5febe99cb6c57) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0e3c03071ed78ed08 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-7 (sg-0e3c03071ed78ed08) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-07032cce3a92d339c Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group newexample (sg-07032cce3a92d339c) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-03e9695ce5a0004e3 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-01ce2418c7b289616 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-048665d6d0c5ddade Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-12 (sg-048665d6d0c5ddade) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-031e19902e2a5afdf Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group xenia (sg-031e19902e2a5afdf) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-09fe68ed6b5fb3364 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-07fe7a4a585a27114 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0d37f630587326b7e Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-8 (sg-0d37f630587326b7e) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-026aafec6fadbd8c1 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-6 (sg-026aafec6fadbd8c1) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-07a7e54c93da1b0bb Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0aeb794463e80d4fb Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0a229ea3e85856a09 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group new-rdp-pub (sg-0a229ea3e85856a09) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-008d5e1c2f6c94baa Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-07cb54f5346101b04 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-08d49b3fee5eae78f Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0ced3f254ff2e2449 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Production_instance (sg-0ced3f254ff2e2449) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0af3d8b5b8bc880fa Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0a9daa8c4e10538d0 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0772c4ae4f2152412 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-9 (sg-0772c4ae4f2152412) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-091c740915160e014 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-091c740915160e014) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0cda5846e51d75406 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Test Ubuntu Instance (sg-0cda5846e51d75406) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-04b71d8fe6f61ac09 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-08a830f3818df22d8 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-09fc17deef2200543 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-3 (sg-09fc17deef2200543) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0474afad1cede51c3 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-16c91a78 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-16c91a78) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-03dda95217bd722cf Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0b36e9776f84be1b8 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0bd7e423fac41eca5 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group snatpshot_test (sg-0bd7e423fac41eca5) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-05eb10b1b7df8b201 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-05eb10b1b7df8b201) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-094663576a916beb5 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Scan (sg-094663576a916beb5) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0cf58d958641ae531 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FLTITLE-db (sg-0cf58d958641ae531) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-07ca5965527721e2b Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group test.fugo.ELB (sg-07ca5965527721e2b) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-04ffc3255e82b26a3 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group test.fugoone (sg-04ffc3255e82b26a3) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0cc85defb9824bf46 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group newdemo (sg-0cc85defb9824bf46) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0a5358451ab8eb31f Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-05621c06837212db5 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group fugo office network (sg-05621c06837212db5) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-08b7370c7d1c12ab6 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Workspace (sg-08b7370c7d1c12ab6) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0b6c9695323ec455c Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0d60b8f6ae7a1dc83 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0b519b5e6321a2762 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group RDP_NEW (sg-0b519b5e6321a2762) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0b6ae40bc40a05870 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-0b6ae40bc40a05870) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-07134278bb62c54e5 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group tittle.fugoone.com (sg-07134278bb62c54e5) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-04819898c1b060625 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-1 (sg-04819898c1b060625) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-04e2e7f5507ea7337 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-4 (sg-04e2e7f5507ea7337) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-05f377a970051f352 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0e4aa2f9d569fca18 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-03cd1691502cec67e Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group windows (sg-03cd1691502cec67e) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0cae57cb9099fc6de Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0dccfce9d4a0c9e60 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO SALES (sg-0dccfce9d4a0c9e60) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0b491bea1db5b5666 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Windows_Mig_test (sg-0b491bea1db5b5666) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0ee48f91f8164b5d9 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group knowfugo-LB (sg-0ee48f91f8164b5d9) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0209ccd9248b69ece Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-Production-DB (sg-0209ccd9248b69ece) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-055f2fcdabec8a369 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-055f2fcdabec8a369) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-076ae3302eae38eae Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-04025f2ff76e7bd88 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group test (sg-04025f2ff76e7bd88) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0129ef8098ddb64c3 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group monitoring-sg (sg-0129ef8098ddb64c3) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0eadf6ec31f93bb8f Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0491433bb7e2de88d Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0c2892864e591824e Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group PMS-app-server (sg-0c2892864e591824e) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-06c3a17fe51c9de61 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0fdf571c639c4ea8f Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0ac53cbf0ab180e84 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-054a81357c28e6fb5 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-staging-SG (sg-054a81357c28e6fb5) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0d900345b2583fc49 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group fugoservices-web (sg-0d900345b2583fc49) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-039c5bcf6bdfe954d Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0a7e5947d6d3ab692 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-0a7e5947d6d3ab692) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-000e6b51a965ce764 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group wazuh (sg-000e6b51a965ce764) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-02aac871f20a48d69 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0299cd0cdfa6599bc Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group knowfugo-database (sg-0299cd0cdfa6599bc) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0b5898998ef0f0040 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0f1b0a1ae6ee72a6e Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0682fefbab8f20c19 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group newexamplefugoonecome (sg-0682fefbab8f20c19) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-03f8863db5b89f3cc Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0b599093e3e3c4c6e Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-007e9f3f5e6a7dda2 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group knowfugo (sg-007e9f3f5e6a7dda2) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0937aff6d72c24a45 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group stagng_knowfugo (sg-0937aff6d72c24a45) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-08121f893f2d89138 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-048bccd7d49e2c556 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0325f3fdbd7f4ae04 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Demo-audit (sg-0325f3fdbd7f4ae04) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0f8abce01b2b398db Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Audit-Bastion (sg-0f8abce01b2b398db) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0f05243b7bf9d3257 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FLTITLE-1 (sg-0f05243b7bf9d3257) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-04edb80657ca25b45 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group BASION host (sg-04edb80657ca25b45) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-01ddee8f2302669c3 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group api.fugoone.com (sg-01ddee8f2302669c3) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-01d6b0b12ee726a22 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group audit-demo-lb (sg-01d6b0b12ee726a22) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-01063b292cec3ec8c Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-AD (sg-01063b292cec3ec8c) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0e1e536387953fb6b Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group New_example_fugoone (sg-0e1e536387953fb6b) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-044d5380ff0b25acd Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group WFGBlocks_SG (sg-044d5380ff0b25acd) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0a2c2913bff2400c2 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group KNOW-ELB (sg-0a2c2913bff2400c2) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0532d1ee42b3f4636 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group test-fugoone-db (sg-0532d1ee42b3f4636) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0f44652776af161f8 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group demo-audit-rds-sg (sg-0f44652776af161f8) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0c2a1b648c8879fe5 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-08c854f0f6d88954f Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-031db14f807d2b614 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group FUGO-Production-APP-server (sg-031db14f807d2b614) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-south-1 Ensure there are no Security Groups not being used. sg-0ebcd60f472f0e59d Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-southeast-1 Ensure there are no Security Groups not being used. sg-c9844db7 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-c9844db7) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 ap-southeast-2 Ensure there are no Security Groups not being used. sg-b52739cb Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-b52739cb) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 eu-central-1 Ensure there are no Security Groups not being used. sg-6cab7d09 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-6cab7d09) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 eu-north-1 Ensure there are no Security Groups not being used. sg-c92874a2 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-c92874a2) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 eu-west-1 Ensure there are no Security Groups not being used. sg-31d72b79 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-31d72b79) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 eu-west-2 Ensure there are no Security Groups not being used. sg-4b2ddf2a Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-4b2ddf2a) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 eu-west-3 Ensure there are no Security Groups not being used. sg-7aaf9417 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-7aaf9417) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 sa-east-1 Ensure there are no Security Groups not being used. sg-f82f8285 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-f82f8285) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 us-east-1 Ensure there are no Security Groups not being used. sg-0236a454c87e868a2 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group d-906769962c_controllers (sg-0236a454c87e868a2) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 us-east-1 Ensure there are no Security Groups not being used. sg-050d9187f381d2f0b Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-050d9187f381d2f0b) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 us-east-1 Ensure there are no Security Groups not being used. sg-7a00c82f Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-7a00c82f) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS low ec2 us-east-1 Ensure there are no Security Groups not being used. sg-0bde47bb7dcbff977 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) it is being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 us-east-1 Ensure there are no Security Groups not being used. sg-0d3dc664f916e5beb Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group Test Instance (sg-0d3dc664f916e5beb) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 us-east-2 Ensure there are no Security Groups not being used. sg-00e8dbdcd832c0963 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-1 (sg-00e8dbdcd832c0963) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 us-east-2 Ensure there are no Security Groups not being used. sg-b78824d2 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-b78824d2) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 us-west-1 Ensure there are no Security Groups not being used. sg-06bcee4d6827a114b Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-1 (sg-06bcee4d6827a114b) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 us-west-1 Ensure there are no Security Groups not being used. sg-d876d4a6 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-d876d4a6) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 us-west-2 Ensure there are no Security Groups not being used. sg-0e76f8d7e9c5345df Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

FAIL low ec2 us-west-2 Ensure there are no Security Groups not being used. sg-e0eef6a5 Ensure there are no Security Groups not being used. ec2_securitygroup_not_used Security group default (sg-e0eef6a5) it is not being used.

Having clear definition and scope for Security Groups creates a better administration environment.

List all the security groups and then use the cli to check if they are attached to an instance.

PASS high ec2 ap-northeast-1 Find security groups with more than 50 ingress or egress rules. sg-a7a8a2d7 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-a7a8a2d7) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-2 Find security groups with more than 50 ingress or egress rules. sg-0781bb66 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-0781bb66) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-northeast-3 Find security groups with more than 50 ingress or egress rules. sg-3bd72a56 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-3bd72a56) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-051bc89f00d84ba5d Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-051bc89f00d84ba5d) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-014e8daa4cc040ec3 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FLTITLE (sg-014e8daa4cc040ec3) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-05c4e006af9e88dce Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group production_instance_24hr (sg-05c4e006af9e88dce) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-090b4a2a1c5868d3f Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-RDP-BNG (sg-090b4a2a1c5868d3f) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-00d80536c6f581309 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group poc-new-dr-SG (sg-00d80536c6f581309) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-06bd3c482cfc57740 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-10 (sg-06bd3c482cfc57740) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0cef5febe99cb6c57 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-2 (sg-0cef5febe99cb6c57) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0e3c03071ed78ed08 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-7 (sg-0e3c03071ed78ed08) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-07032cce3a92d339c Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group newexample (sg-07032cce3a92d339c) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-03e9695ce5a0004e3 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Demo-fugoone-instance (sg-03e9695ce5a0004e3) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-01ce2418c7b289616 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group demo.fugoone.com-ALB (sg-01ce2418c7b289616) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-048665d6d0c5ddade Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-12 (sg-048665d6d0c5ddade) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-031e19902e2a5afdf Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group xenia (sg-031e19902e2a5afdf) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-09fe68ed6b5fb3364 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FLTITLE-LB (sg-09fe68ed6b5fb3364) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-07fe7a4a585a27114 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group LogServer(Wazuh) (sg-07fe7a4a585a27114) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0d37f630587326b7e Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-8 (sg-0d37f630587326b7e) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-026aafec6fadbd8c1 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-6 (sg-026aafec6fadbd8c1) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-07a7e54c93da1b0bb Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group WINDOWS-IIS (sg-07a7e54c93da1b0bb) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0aeb794463e80d4fb Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group webservices.fugoone.com (sg-0aeb794463e80d4fb) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0a229ea3e85856a09 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group new-rdp-pub (sg-0a229ea3e85856a09) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-008d5e1c2f6c94baa Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-PROD-RDS (sg-008d5e1c2f6c94baa) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-07cb54f5346101b04 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-PROD-ELB (sg-07cb54f5346101b04) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-08d49b3fee5eae78f Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-staging-DB (sg-08d49b3fee5eae78f) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0ced3f254ff2e2449 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Production_instance (sg-0ced3f254ff2e2449) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0af3d8b5b8bc880fa Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group dir_fugoone_pur_req (sg-0af3d8b5b8bc880fa) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0a9daa8c4e10538d0 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group WEBSERVICES-FUGO-NEW-9-1-2020 (sg-0a9daa8c4e10538d0) has 5 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0772c4ae4f2152412 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-9 (sg-0772c4ae4f2152412) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-091c740915160e014 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-091c740915160e014) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0cda5846e51d75406 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Test Ubuntu Instance (sg-0cda5846e51d75406) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-04b71d8fe6f61ac09 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-RDPGW-SESSION-HOST-PROD (sg-04b71d8fe6f61ac09) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-08a830f3818df22d8 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Temp AD Instance-(To Be Deleted) (sg-08a830f3818df22d8) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-09fc17deef2200543 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-3 (sg-09fc17deef2200543) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0474afad1cede51c3 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-NEW-DEMO-16042020 (sg-0474afad1cede51c3) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-16c91a78 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-16c91a78) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-03dda95217bd722cf Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group WINDOWS-iis-8-1-2020-NO-LB (sg-03dda95217bd722cf) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0b36e9776f84be1b8 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group fugoservices-sql-prod (sg-0b36e9776f84be1b8) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0bd7e423fac41eca5 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group snatpshot_test (sg-0bd7e423fac41eca5) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-05eb10b1b7df8b201 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-05eb10b1b7df8b201) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-094663576a916beb5 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Scan (sg-094663576a916beb5) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0cf58d958641ae531 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FLTITLE-db (sg-0cf58d958641ae531) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-07ca5965527721e2b Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group test.fugo.ELB (sg-07ca5965527721e2b) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-04ffc3255e82b26a3 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group test.fugoone (sg-04ffc3255e82b26a3) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0cc85defb9824bf46 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group newdemo (sg-0cc85defb9824bf46) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0a5358451ab8eb31f Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group CapitalMarket Demo (sg-0a5358451ab8eb31f) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-05621c06837212db5 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group fugo office network (sg-05621c06837212db5) has 2 inbound rules and 2 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-08b7370c7d1c12ab6 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Workspace (sg-08b7370c7d1c12ab6) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0b6c9695323ec455c Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group knowfugo-revised-elb-sg (sg-0b6c9695323ec455c) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0d60b8f6ae7a1dc83 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-11 (sg-0d60b8f6ae7a1dc83) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0b519b5e6321a2762 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group RDP_NEW (sg-0b519b5e6321a2762) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0b6ae40bc40a05870 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-0b6ae40bc40a05870) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-07134278bb62c54e5 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group tittle.fugoone.com (sg-07134278bb62c54e5) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-04819898c1b060625 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-1 (sg-04819898c1b060625) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-04e2e7f5507ea7337 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-4 (sg-04e2e7f5507ea7337) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-05f377a970051f352 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP- (sg-05f377a970051f352) has 7 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0e4aa2f9d569fca18 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Staging_knowfugo_db (sg-0e4aa2f9d569fca18) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-03cd1691502cec67e Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group windows (sg-03cd1691502cec67e) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0cae57cb9099fc6de Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group EC2-PROMETHEUS (sg-0cae57cb9099fc6de) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0dccfce9d4a0c9e60 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO SALES (sg-0dccfce9d4a0c9e60) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0b491bea1db5b5666 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Windows_Mig_test (sg-0b491bea1db5b5666) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0ee48f91f8164b5d9 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group knowfugo-LB (sg-0ee48f91f8164b5d9) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0209ccd9248b69ece Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-Production-DB (sg-0209ccd9248b69ece) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-055f2fcdabec8a369 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-055f2fcdabec8a369) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-076ae3302eae38eae Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Temp AD Instance-(To Be Deleted) (sg-076ae3302eae38eae) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-04025f2ff76e7bd88 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group test (sg-04025f2ff76e7bd88) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0129ef8098ddb64c3 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group monitoring-sg (sg-0129ef8098ddb64c3) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0eadf6ec31f93bb8f Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group audit-demo-lb (sg-0eadf6ec31f93bb8f) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0491433bb7e2de88d Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group DISK_MBR_TO_GPT (sg-0491433bb7e2de88d) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0c2892864e591824e Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group PMS-app-server (sg-0c2892864e591824e) has 6 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-06c3a17fe51c9de61 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group new-webservice-iis-windows (sg-06c3a17fe51c9de61) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0fdf571c639c4ea8f Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group mctest.fugoone.com-20-01-2020 (sg-0fdf571c639c4ea8f) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0ac53cbf0ab180e84 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Demo.Fugoone.com-DB (sg-0ac53cbf0ab180e84) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-054a81357c28e6fb5 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-staging-SG (sg-054a81357c28e6fb5) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0d900345b2583fc49 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group fugoservices-web (sg-0d900345b2583fc49) has 5 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-039c5bcf6bdfe954d Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group fugo-vapt-ELB (sg-039c5bcf6bdfe954d) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0a7e5947d6d3ab692 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-0a7e5947d6d3ab692) has 5 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-000e6b51a965ce764 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group wazuh (sg-000e6b51a965ce764) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-02aac871f20a48d69 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group d-9f673fb744_controllers (sg-02aac871f20a48d69) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0299cd0cdfa6599bc Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group knowfugo-database (sg-0299cd0cdfa6599bc) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0b5898998ef0f0040 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Fugo-vapt-instance (sg-0b5898998ef0f0040) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0f1b0a1ae6ee72a6e Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-VAPT_DB (sg-0f1b0a1ae6ee72a6e) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0682fefbab8f20c19 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group newexamplefugoonecome (sg-0682fefbab8f20c19) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-03f8863db5b89f3cc Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group title.fugoone.com-ALB (sg-03f8863db5b89f3cc) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0b599093e3e3c4c6e Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-5 (sg-0b599093e3e3c4c6e) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-007e9f3f5e6a7dda2 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group knowfugo (sg-007e9f3f5e6a7dda2) has 4 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0937aff6d72c24a45 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group stagng_knowfugo (sg-0937aff6d72c24a45) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-08121f893f2d89138 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-WIN-LB=DEV (sg-08121f893f2d89138) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-048bccd7d49e2c556 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-1 (sg-048bccd7d49e2c556) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0325f3fdbd7f4ae04 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Demo-audit (sg-0325f3fdbd7f4ae04) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0f8abce01b2b398db Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Audit-Bastion (sg-0f8abce01b2b398db) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0f05243b7bf9d3257 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FLTITLE-1 (sg-0f05243b7bf9d3257) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-04edb80657ca25b45 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group BASION host (sg-04edb80657ca25b45) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-01ddee8f2302669c3 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group api.fugoone.com (sg-01ddee8f2302669c3) has 5 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-01d6b0b12ee726a22 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group audit-demo-lb (sg-01d6b0b12ee726a22) has 2 inbound rules and 2 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-01063b292cec3ec8c Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-AD (sg-01063b292cec3ec8c) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0e1e536387953fb6b Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group New_example_fugoone (sg-0e1e536387953fb6b) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-044d5380ff0b25acd Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group WFGBlocks_SG (sg-044d5380ff0b25acd) has 5 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0a2c2913bff2400c2 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group KNOW-ELB (sg-0a2c2913bff2400c2) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0532d1ee42b3f4636 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group test-fugoone-db (sg-0532d1ee42b3f4636) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0f44652776af161f8 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group demo-audit-rds-sg (sg-0f44652776af161f8) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0c2a1b648c8879fe5 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group NEW-DEMO-1642021 (sg-0c2a1b648c8879fe5) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-08c854f0f6d88954f Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group new_example_16042021_17042021_18_50 (sg-08c854f0f6d88954f) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-031db14f807d2b614 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group FUGO-Production-APP-server (sg-031db14f807d2b614) has 3 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-south-1 Find security groups with more than 50 ingress or egress rules. sg-0ebcd60f472f0e59d Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Netgate pfSense Plus Firewall-VPN-Router-21-02-p1-AutogenByAWSMP-2/test_pfsnse (sg-0ebcd60f472f0e59d) has 7 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-1 Find security groups with more than 50 ingress or egress rules. sg-c9844db7 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-c9844db7) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 ap-southeast-2 Find security groups with more than 50 ingress or egress rules. sg-b52739cb Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-b52739cb) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-central-1 Find security groups with more than 50 ingress or egress rules. sg-6cab7d09 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-6cab7d09) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-north-1 Find security groups with more than 50 ingress or egress rules. sg-c92874a2 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-c92874a2) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-1 Find security groups with more than 50 ingress or egress rules. sg-31d72b79 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-31d72b79) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-2 Find security groups with more than 50 ingress or egress rules. sg-4b2ddf2a Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-4b2ddf2a) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 eu-west-3 Find security groups with more than 50 ingress or egress rules. sg-7aaf9417 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-7aaf9417) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 sa-east-1 Find security groups with more than 50 ingress or egress rules. sg-f82f8285 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-f82f8285) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Find security groups with more than 50 ingress or egress rules. sg-0236a454c87e868a2 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group d-906769962c_controllers (sg-0236a454c87e868a2) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Find security groups with more than 50 ingress or egress rules. sg-050d9187f381d2f0b Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-050d9187f381d2f0b) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Find security groups with more than 50 ingress or egress rules. sg-7a00c82f Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-7a00c82f) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Find security groups with more than 50 ingress or egress rules. sg-0bde47bb7dcbff977 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group d-906769962c_workspacesMembers (sg-0bde47bb7dcbff977) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-1 Find security groups with more than 50 ingress or egress rules. sg-0d3dc664f916e5beb Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group Test Instance (sg-0d3dc664f916e5beb) has 2 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Find security groups with more than 50 ingress or egress rules. sg-00e8dbdcd832c0963 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-1 (sg-00e8dbdcd832c0963) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-east-2 Find security groups with more than 50 ingress or egress rules. sg-b78824d2 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-b78824d2) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Find security groups with more than 50 ingress or egress rules. sg-06bcee4d6827a114b Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-1 (sg-06bcee4d6827a114b) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-1 Find security groups with more than 50 ingress or egress rules. sg-d876d4a6 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-d876d4a6) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Find security groups with more than 50 ingress or egress rules. sg-0e76f8d7e9c5345df Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group launch-wizard-1 (sg-0e76f8d7e9c5345df) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

PASS high ec2 us-west-2 Find security groups with more than 50 ingress or egress rules. sg-e0eef6a5 Find security groups with more than 50 ingress or egress rules. ec2_securitygroup_with_many_ingress_egress_rules Security group default (sg-e0eef6a5) has 1 inbound rules and 1 outbound rules

If Security groups are not properly configured the attack surface is increased.

Use a Zero Trust approach. Narrow ingress traffic as much as possible. Consider north-south as well as east-west traffic.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. FUGO-PROD-LB Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 FUGO-PROD-LB has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. FUGO-Staging Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 FUGO-Staging has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. Knowfugo-ALB Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 Knowfugo-ALB has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. testing-fugoone-com Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 testing-fugoone-com has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. stagingknowfugo Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 stagingknowfugo has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. demo-fugoone Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 demo-fugoone has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. title-fugoone-com Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 title-fugoone-com has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. api-LB Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 api-LB has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. dr-fugooneprod-lb Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 dr-fugooneprod-lb has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. FLTITLE-LB Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 FLTITLE-LB has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have deletion protection enabled. FugoOne-Title Check if Elastic Load Balancers have deletion protection enabled. elbv2_deletion_protection ELBv2 FugoOne-Title has not deletion protection.

If deletion protection is not enabled, the resource is not protected against deletion.

Enable deletion protection attribute, this is not enabled by default.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. FUGO-PROD-LB Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB FUGO-PROD-LB is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. FUGO-Staging Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB FUGO-Staging is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. Knowfugo-ALB Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB Knowfugo-ALB is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. testing-fugoone-com Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB testing-fugoone-com is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. stagingknowfugo Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB stagingknowfugo is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. demo-fugoone Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB demo-fugoone is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. title-fugoone-com Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB title-fugoone-com is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. api-LB Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB api-LB is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. dr-fugooneprod-lb Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB dr-fugooneprod-lb is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. FLTITLE-LB Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB FLTITLE-LB is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

PASS medium elbv2 ap-south-1 Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. FugoOne-Title Check whether the Application Load Balancer is configured with defensive or strictest desync mitigation mode. elbv2_desync_mitigation_mode ELBv2 ALB FugoOne-Title is configured with correct desync mitigation mode.

HTTP Desync issues can lead to request smuggling and make your applications vulnerable to request queue or cache poisoning; which could lead to credential hijacking or execution of unauthorized commands.

Ensure Application Load Balancer is configured with defensive or strictest desync mitigation mode.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. FUGO-PROD-LB Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 FUGO-PROD-LB has listeners with insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. FUGO-Staging Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 FUGO-Staging has listeners with insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. Knowfugo-ALB Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 Knowfugo-ALB has listeners with insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. testing-fugoone-com Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 testing-fugoone-com has listeners with insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. stagingknowfugo Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 stagingknowfugo has listeners with insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. demo-fugoone Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 demo-fugoone has listeners with insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. title-fugoone-com Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 title-fugoone-com has not insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. api-LB Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 api-LB has listeners with insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. dr-fugooneprod-lb Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 dr-fugooneprod-lb has listeners with insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. FLTITLE-LB Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 FLTITLE-LB has listeners with insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have insecure SSL ciphers. FugoOne-Title Check if Elastic Load Balancers have insecure SSL ciphers. elbv2_insecure_ssl_ciphers ELBv2 FugoOne-Title has not insecure SSL protocols or ciphers.

Using insecure ciphers could affect privacy of in transit information.

Use a Security policy with a ciphers that are stronger as possible. Drop legacy and unsecure ciphers.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. FUGO-PROD-LB Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB FUGO-PROD-LB is internet facing in FUGO-PROD-LB-459435528.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. FUGO-Staging Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB FUGO-Staging is internet facing in FUGO-Staging-192071740.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. Knowfugo-ALB Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB Knowfugo-ALB is internet facing in Knowfugo-ALB-522516464.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. testing-fugoone-com Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB testing-fugoone-com is internet facing in testing-fugoone-com-310979580.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. stagingknowfugo Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB stagingknowfugo is internet facing in stagingknowfugo-1329847775.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. demo-fugoone Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB demo-fugoone is internet facing in demo-fugoone-983706329.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. title-fugoone-com Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB title-fugoone-com is internet facing in title-fugoone-com-1076175532.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. api-LB Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB api-LB is internet facing in api-LB-1193414118.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. dr-fugooneprod-lb Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB dr-fugooneprod-lb is internet facing in dr-fugooneprod-lb-1545937100.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. FLTITLE-LB Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB FLTITLE-LB is internet facing in FLTITLE-LB-1323651929.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

FAIL medium elbv2 ap-south-1 Check for internet facing Elastic Load Balancers. FugoOne-Title Check for internet facing Elastic Load Balancers. elbv2_internet_facing ELBv2 ALB FugoOne-Title is internet facing in FugoOne-Title-1259559776.ap-south-1.elb.amazonaws.com.

Publicly accessible load balancers could expose sensitive data to bad actors.

Ensure the load balancer should be publicly accessible. If publicly exposed ensure a WAF ACL is implemented.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. FUGO-PROD-LB Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 FUGO-PROD-LB has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. FUGO-Staging Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 FUGO-Staging has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. Knowfugo-ALB Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 Knowfugo-ALB has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. testing-fugoone-com Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 testing-fugoone-com has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. stagingknowfugo Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 stagingknowfugo has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. demo-fugoone Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 demo-fugoone has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. title-fugoone-com Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 title-fugoone-com has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. api-LB Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 api-LB has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. dr-fugooneprod-lb Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 dr-fugooneprod-lb has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. FLTITLE-LB Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 FLTITLE-LB has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

PASS medium elbv2 ap-south-1 Check if ELBV2 has listeners underneath. FugoOne-Title Check if ELBV2 has listeners underneath. elbv2_listeners_underneath ELBv2 FugoOne-Title has listeners underneath.

The rules that are defined for a listener determine how the load balancer routes requests to its registered targets.

Add listeners to Elastic Load Balancers V2.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. FUGO-PROD-LB Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB FUGO-PROD-LB has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. FUGO-Staging Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB FUGO-Staging has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. Knowfugo-ALB Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB Knowfugo-ALB has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. testing-fugoone-com Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB testing-fugoone-com has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. stagingknowfugo Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB stagingknowfugo has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. demo-fugoone Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB demo-fugoone has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. title-fugoone-com Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB title-fugoone-com has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. api-LB Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB api-LB has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. dr-fugooneprod-lb Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB dr-fugooneprod-lb has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. FLTITLE-LB Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB FLTITLE-LB has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have logging enabled. FugoOne-Title Check if Elastic Load Balancers have logging enabled. elbv2_logging_enabled ELBv2 ALB FugoOne-Title has not configured access logs.

If logs are not enabled monitoring of service use and threat analysis is not possible.

Enable ELB logging, create la log lifecycle and define use cases.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. FUGO-PROD-LB Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB FUGO-PROD-LB is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. FUGO-Staging Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB FUGO-Staging is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. Knowfugo-ALB Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB Knowfugo-ALB is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. testing-fugoone-com Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB testing-fugoone-com is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. stagingknowfugo Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB stagingknowfugo is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. demo-fugoone Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB demo-fugoone is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. title-fugoone-com Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB title-fugoone-com is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. api-LB Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB api-LB is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. dr-fugooneprod-lb Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB dr-fugooneprod-lb is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. FLTITLE-LB Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB FLTITLE-LB is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. FugoOne-Title Check if Application Load Balancer is dropping invalid packets to prevent header based HTTP request smuggling. elbv2_request_smugling ELBv2 ALB FugoOne-Title is not dropping invalid header fields.

ALB can be target of actors sending bad HTTP headers.

Ensure Application Load Balancer is configured for HTTP headers with header fields that are not valid are removed by the load balancer (true).

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. FUGO-PROD-LB Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB FUGO-PROD-LB has HTTP listener but it redirects to HTTPS.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. FUGO-Staging Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB FUGO-Staging has HTTP listener but it redirects to HTTPS.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. Knowfugo-ALB Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB Knowfugo-ALB has HTTP listener but it redirects to HTTPS.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. testing-fugoone-com Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB testing-fugoone-com has HTTP listener but it redirects to HTTPS.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. stagingknowfugo Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB stagingknowfugo has HTTP listener but it redirects to HTTPS.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. demo-fugoone Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB demo-fugoone has non-encrypted listeners.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. title-fugoone-com Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB title-fugoone-com has HTTP listener but it redirects to HTTPS.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. api-LB Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB api-LB has non-encrypted listeners.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. dr-fugooneprod-lb Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB dr-fugooneprod-lb has HTTP listener but it redirects to HTTPS.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

PASS medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. FLTITLE-LB Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB FLTITLE-LB has HTTP listener but it redirects to HTTPS.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

FAIL medium elbv2 ap-south-1 Check if Elastic Load Balancers have SSL listeners. FugoOne-Title Check if Elastic Load Balancers have SSL listeners. elbv2_ssl_listeners ELBv2 ALB FugoOne-Title has non-encrypted listeners.

Clear text communication could affect privacy of information in transit.

Scan for Load Balancers with HTTP or TCP listeners and understand the reason for each of them. Check if the listener can be implemented as TLS instead.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. FUGO-PROD-LB Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB FUGO-PROD-LB is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. FUGO-Staging Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB FUGO-Staging is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. Knowfugo-ALB Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB Knowfugo-ALB is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. testing-fugoone-com Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB testing-fugoone-com is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. stagingknowfugo Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB stagingknowfugo is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. demo-fugoone Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB demo-fugoone is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. title-fugoone-com Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB title-fugoone-com is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. api-LB Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB api-LB is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. dr-fugooneprod-lb Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB dr-fugooneprod-lb is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. FLTITLE-LB Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB FLTITLE-LB is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

FAIL medium elbv2 ap-south-1 Check if Application Load Balancer has a WAF ACL attached. FugoOne-Title Check if Application Load Balancer has a WAF ACL attached. elbv2_waf_acl_attached ELBv2 ALB FugoOne-Title is not protected by WAF Web ACL.

If not WAF ACL is attached risk of web attacks increases.

Using the AWS Management Console open the AWS WAF console to attach an ACL.

PASS high emr ap-northeast-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr ap-northeast-2 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr ap-northeast-3 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr ap-south-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr ap-southeast-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr ap-southeast-2 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr ca-central-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr eu-central-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr eu-north-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr eu-west-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr eu-west-2 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr eu-west-3 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr sa-east-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr us-east-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr us-east-2 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr us-west-1 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

PASS high emr us-west-2 EMR Account Public Access Block enabled. 207592916039 EMR Account Public Access Block enabled. emr_cluster_account_public_block_enabled EMR Account has Block Public Access enabled

EMR Clusters must have Account Public Access Block enabled.

Enable EMR Account Public Access Block.

FAIL medium glue ap-northeast-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue ap-northeast-2 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue ap-northeast-3 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue ap-south-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue ap-southeast-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue ap-southeast-2 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue ca-central-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue eu-central-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue eu-north-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue eu-west-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue eu-west-2 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue eu-west-3 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue sa-east-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue us-east-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue us-east-2 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue us-west-1 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue us-west-2 Check if Glue data catalog settings have encrypt connection password enabled. 207592916039 Check if Glue data catalog settings have encrypt connection password enabled. glue_data_catalogs_connection_passwords_encryption_enabled Glue data catalog connection password is not encrypted.

If not enabled sensitive information at rest is not protected.

On the AWS Glue console; you can enable this option on the Data catalog settings page.

FAIL medium glue ap-northeast-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue ap-northeast-2 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue ap-northeast-3 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue ap-south-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue ap-southeast-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue ap-southeast-2 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue ca-central-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue eu-central-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue eu-north-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue eu-west-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue eu-west-2 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue eu-west-3 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue sa-east-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue us-east-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue us-east-2 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue us-west-1 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

FAIL medium glue us-west-2 Check if Glue data catalog settings have metadata encryption enabled. 207592916039 Check if Glue data catalog settings have metadata encryption enabled. glue_data_catalogs_metadata_encryption_enabled Glue data catalog settings have metadata encryption disabled.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

PASS high guardduty ap-south-1 Check if GuardDuty is enabled 5ac2a730fb2559aaad612df09b3e00d7 Check if GuardDuty is enabled guardduty_is_enabled GuardDuty detector 5ac2a730fb2559aaad612df09b3e00d7 enabled

Amazon GuardDuty is a continuous security monitoring service that analyzes and processes several datasources.

Enable GuardDuty and analyze its findings.

PASS high guardduty ap-south-1 There are High severity GuardDuty findings 5ac2a730fb2559aaad612df09b3e00d7 There are High severity GuardDuty findings guardduty_no_high_severity_findings GuardDuty detector 5ac2a730fb2559aaad612df09b3e00d7 does not have high severity findings.

If critical findings are not addressed threats can spread in the environment.

Review and remediate critical GuardDuty findings as quickly as possible.

FAIL high iam ap-south-1 Ensure users of groups with AdministratorAccess policy have MFA tokens enabled Admin_Access Ensure users of groups with AdministratorAccess policy have MFA tokens enabled iam_administrator_access_with_mfa Group Admin_Access provides administrator access to User v.vysakh@devopspace.com with MFA disabled.

Policy may allow Anonymous users to perform actions.

Ensure this repository and its contents should be publicly accessible.

PASS high iam ap-south-1 Ensure users of groups with AdministratorAccess policy have MFA tokens enabled FUGO-LOGS-S3 Ensure users of groups with AdministratorAccess policy have MFA tokens enabled iam_administrator_access_with_mfa Group FUGO-LOGS-S3 provides non-administrative access.

Policy may allow Anonymous users to perform actions.

Ensure this repository and its contents should be publicly accessible.

PASS high iam ap-south-1 Ensure users of groups with AdministratorAccess policy have MFA tokens enabled NOC-EC2-START-STOP Ensure users of groups with AdministratorAccess policy have MFA tokens enabled iam_administrator_access_with_mfa Group NOC-EC2-START-STOP provides non-administrative access.

Policy may allow Anonymous users to perform actions.

Ensure this repository and its contents should be publicly accessible.

PASS high iam ap-south-1 Ensure users of groups with AdministratorAccess policy have MFA tokens enabled Prowler Ensure users of groups with AdministratorAccess policy have MFA tokens enabled iam_administrator_access_with_mfa Group Prowler provides non-administrative access.

Policy may allow Anonymous users to perform actions.

Ensure this repository and its contents should be publicly accessible.

PASS high iam ap-south-1 Ensure users of groups with AdministratorAccess policy have MFA tokens enabled snapshot_drill Ensure users of groups with AdministratorAccess policy have MFA tokens enabled iam_administrator_access_with_mfa Group snapshot_drill provides non-administrative access.

Policy may allow Anonymous users to perform actions.

Ensure this repository and its contents should be publicly accessible.

FAIL high iam ap-south-1 Avoid the use of the root accounts <root_account> Avoid the use of the root account iam_avoid_root_usage Root user in the account was last accessed 251 days ago.

The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.

Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled fugo-docs Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User fugo-docs has not a console password or is unused.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled fugo-rds-db-backup-s3-access Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User fugo-rds-db-backup-s3-access has not a console password or is unused.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled fugostaging_S3_Access Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User fugostaging_S3_Access has not a console password or is unused.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled haritha.e@avanzegroup.com Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User haritha.e@avanzegroup.com has logged into the console in the past 30 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled jaganmohana Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User jaganmohana has logged into the console in the past 30 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled Niresh.raj Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User Niresh.raj has logged into the console in the past 30 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

FAIL medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled prakash_k@fugocreative.com Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User prakash_k@fugocreative.com has not logged into the console in the past 30 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled sujith.kumar@avanzegroup.com Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User sujith.kumar@avanzegroup.com has logged into the console in the past 30 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled sukanya.baasavaraj@avanzegroup.com Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User sukanya.baasavaraj@avanzegroup.com has logged into the console in the past 30 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled v.vysakh@devopspace.com Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User v.vysakh@devopspace.com has logged into the console in the past 30 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 30 days or greater are disabled vysakh-s3-keys Ensure credentials unused for 30 days or greater are disabled iam_disable_30_days_credentials User vysakh-s3-keys has not a console password or is unused.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled fugo-docs Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User fugo-docs has not a console password or is unused.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled fugo-rds-db-backup-s3-access Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User fugo-rds-db-backup-s3-access has not a console password or is unused.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled fugostaging_S3_Access Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User fugostaging_S3_Access has not a console password or is unused.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled haritha.e@avanzegroup.com Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User haritha.e@avanzegroup.com has logged into the console in the past 45 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled jaganmohana Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User jaganmohana has logged into the console in the past 45 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled Niresh.raj Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User Niresh.raj has logged into the console in the past 45 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

FAIL medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled prakash_k@fugocreative.com Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User prakash_k@fugocreative.com has not logged into the console in the past 45 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled sujith.kumar@avanzegroup.com Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User sujith.kumar@avanzegroup.com has logged into the console in the past 45 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled sukanya.baasavaraj@avanzegroup.com Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User sukanya.baasavaraj@avanzegroup.com has logged into the console in the past 45 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled v.vysakh@devopspace.com Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User v.vysakh@devopspace.com has logged into the console in the past 45 days.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 45 days or greater are disabled vysakh-s3-keys Ensure credentials unused for 45 days or greater are disabled iam_disable_45_days_credentials User vysakh-s3-keys has not a console password or is unused.

To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled fugo-docs Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User fugo-docs has not a console password or is unused.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled fugo-rds-db-backup-s3-access Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User fugo-rds-db-backup-s3-access has not a console password or is unused.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled fugostaging_S3_Access Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User fugostaging_S3_Access has not a console password or is unused.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled haritha.e@avanzegroup.com Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User haritha.e@avanzegroup.com has logged into the console in the past 90 days.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled jaganmohana Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User jaganmohana has logged into the console in the past 90 days.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled Niresh.raj Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User Niresh.raj has logged into the console in the past 90 days.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

FAIL medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled prakash_k@fugocreative.com Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User prakash_k@fugocreative.com has not logged into the console in the past 90 days.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled sujith.kumar@avanzegroup.com Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User sujith.kumar@avanzegroup.com has logged into the console in the past 90 days.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled sukanya.baasavaraj@avanzegroup.com Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User sukanya.baasavaraj@avanzegroup.com has logged into the console in the past 90 days.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled v.vysakh@devopspace.com Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User v.vysakh@devopspace.com has logged into the console in the past 90 days.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS medium iam ap-south-1 Ensure credentials unused for 90 days or greater are disabled vysakh-s3-keys Ensure credentials unused for 90 days or greater are disabled iam_disable_90_days_credentials User vysakh-s3-keys has not a console password or is unused.

AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.

Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) FUGO-CLOUD-WATCH Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy FUGO-CLOUD-WATCH does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) fugostaging_S3_Access Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy fugostaging_S3_Access does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) VPC-FLOW-LOGS Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy VPC-FLOW-LOGS does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) workspace_fullaccess Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy workspace_fullaccess does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) Prowler-Additions-Policy Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy Prowler-Additions-Policy does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) Grafana-start-stop Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy Grafana-start-stop does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) FUGO-S3-LOGS-ACCESS Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy FUGO-S3-LOGS-ACCESS does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) NOC-START-STOP Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy NOC-START-STOP does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) fugo-doc-iam Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy fugo-doc-iam does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) Jaganmohana-Allow-Start-And-Stop-Ec2 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy Jaganmohana-Allow-Start-And-Stop-Ec2 does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) fugo-rds-db-backup-s3-policy Ensure that no custom IAM policies exist which allow permissive role assumption (e.g. sts:AssumeRole on *) iam_no_custom_policy_permissive_role_assumption Custom Policy fugo-rds-db-backup-s3-policy does not allow permissive STS Role assumption

If not restricted unintended access could happen.

Use the least privilege principle when granting permissions.

PASS critical iam ap-south-1 Ensure no root account access key exists <root_account> Ensure no root account access key exists iam_no_root_access_key User <root_account> has not access keys.

The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Removing the root access keys encourages the creation and use of role based accounts that are least privileged.

Use the credential report to that the user and ensure the access_key_1_active and access_key_2_active fields are set to FALSE.

PASS medium iam ap-south-1 Ensure IAM password policy expires passwords within 90 days or less password_policy Ensure IAM password policy expires passwords within 90 days or less iam_password_policy_expires_passwords_within_90_days_or_less Password expiration is set lower than 90 days (30 days).

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.

Ensure Password expiration period (in days): is set to 90 or less.

PASS medium iam ap-south-1 Ensure IAM password policy require at least one lowercase letter password_policy Ensure IAM password policy requires at least one uppercase letter iam_password_policy_lowercase IAM password policy does not require at least one lowercase letter.

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one lowercase letter.

Ensure "Requires at least one lowercase letter" is checked under "Password Policy".

PASS medium iam ap-south-1 Ensure IAM password policy requires minimum length of 14 or greater password_policy Ensure IAM password policy requires minimum length of 14 or greater iam_password_policy_minimum_length_14 IAM password policy does not requires minimum length of 14 characters.

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require minimum length of 14 or greater.

Ensure "Minimum password length" is checked under "Password Policy".

PASS medium iam ap-south-1 Ensure IAM password policy require at least one number password_policy Ensure IAM password policy require at least one number iam_password_policy_number IAM password policy does not require at least one number

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one number.

Ensure "Require at least one number" is checked under "Password Policy".

FAIL medium iam ap-south-1 Ensure IAM password policy prevents password reuse: 24 or greater password_policy Ensure IAM password policy prevents password reuse: 24 or greater iam_password_policy_reuse_24 IAM password policy reuse prevention is less than 24 or not set.

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy prevents at least password reuse of 24 or greater.

Ensure "Number of passwords to remember" is set to 24.

PASS medium iam ap-south-1 Ensure IAM password policy require at least one symbol password_policy Ensure IAM password policy require at least one symbol iam_password_policy_symbol IAM password policy does not require at least one symbol.

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one non-alphanumeric character.

Ensure "Require at least one non-alphanumeric character" is checked under "Password Policy".

PASS medium iam ap-south-1 Ensure IAM password policy requires at least one uppercase letter password_policy Ensure IAM password policy requires at least one uppercase letter iam_password_policy_uppercase IAM password policy requires at least one uppercase letter.

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets. It is recommended that the password policy require at least one uppercase letter.

Ensure "Requires at least one uppercase letter" is checked under "Password Policy".

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation FUGO-CLOUD-WATCH Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/FUGO-CLOUD-WATCH not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation fugostaging_S3_Access Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/fugostaging_S3_Access not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation VPC-FLOW-LOGS Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/VPC-FLOW-LOGS not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

FAIL high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation workspace_fullaccess Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/workspace_fullaccess allows for privilege escalation using the following actions: {'iam:PassRole', 'iam:PutRolePolicy'}

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation Prowler-Additions-Policy Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/Prowler-Additions-Policy not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation Grafana-start-stop Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/Grafana-start-stop not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation FUGO-S3-LOGS-ACCESS Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/FUGO-S3-LOGS-ACCESS not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/service-role/CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation NOC-START-STOP Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/NOC-START-STOP not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation fugo-doc-iam Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/fugo-doc-iam not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation Jaganmohana-Allow-Start-And-Stop-Ec2 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/Jaganmohana-Allow-Start-And-Stop-Ec2 not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

PASS high iam ap-south-1 Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation fugo-rds-db-backup-s3-policy Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation iam_policy_allows_privilege_escalation Customer Managed IAM Policy arn:aws:iam::207592916039:policy/fugo-rds-db-backup-s3-policy not allows for privilege escalation

Users with some IAM permissions are allowed to elevate their privileges up to administrator rights.

Grant usage permission on a per-resource basis and applying least privilege principle.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles fugo-docs Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User fugo-docs has attached the following policy fugo-doc-iam

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles fugo-rds-db-backup-s3-access Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User fugo-rds-db-backup-s3-access has attached the following policy fugo-rds-db-backup-s3-policy

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles fugostaging_S3_Access Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User fugostaging_S3_Access has attached the following policy fugostaging_S3_Access

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

PASS low iam ap-south-1 Ensure IAM policies are attached only to groups or roles haritha.e@avanzegroup.com Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User haritha.e@avanzegroup.com has no inline or attached policies

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles jaganmohana Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User jaganmohana has attached the following policy ReadOnlyAccess

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles jaganmohana Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User jaganmohana has attached the following policy Billing

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles jaganmohana Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User jaganmohana has attached the following policy Jaganmohana-Allow-Start-And-Stop-Ec2

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles Niresh.raj Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User Niresh.raj has attached the following policy AdministratorAccess

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles prakash_k@fugocreative.com Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User prakash_k@fugocreative.com has attached the following policy Billing

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles sujith.kumar@avanzegroup.com Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User sujith.kumar@avanzegroup.com has attached the following policy AdministratorAccess

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles sukanya.baasavaraj@avanzegroup.com Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User sukanya.baasavaraj@avanzegroup.com has attached the following policy AdministratorAccess

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

PASS low iam ap-south-1 Ensure IAM policies are attached only to groups or roles v.vysakh@devopspace.com Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User v.vysakh@devopspace.com has no inline or attached policies

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

FAIL low iam ap-south-1 Ensure IAM policies are attached only to groups or roles vysakh-s3-keys Ensure IAM policies are attached only to groups or roles iam_policy_attached_only_to_group_or_roles User vysakh-s3-keys has attached the following policy AmazonS3FullAccess

By default IAM users; groups; and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended that IAM policies be applied directly to groups and roles but not users. Assigning privileges at the group or role level reduces the complexity of access management as the number of users grow. Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.

Remove any policy attached directly to the user. Use groups or roles instead.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created FUGO-CLOUD-WATCH Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy FUGO-CLOUD-WATCH does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created fugostaging_S3_Access Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy fugostaging_S3_Access does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created VPC-FLOW-LOGS Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy VPC-FLOW-LOGS does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created workspace_fullaccess Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy workspace_fullaccess does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created Prowler-Additions-Policy Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy Prowler-Additions-Policy does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created Grafana-start-stop Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy Grafana-start-stop does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created FUGO-S3-LOGS-ACCESS Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy FUGO-S3-LOGS-ACCESS does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy CloudTrailPolicyForCloudWatchLogs_64dbf00c-03c2-40ce-a9e7-5a010f254762 does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created NOC-START-STOP Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy NOC-START-STOP does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created fugo-doc-iam Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy fugo-doc-iam does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created Jaganmohana-Allow-Start-And-Stop-Ec2 Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy Jaganmohana-Allow-Start-And-Stop-Ec2 does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

PASS medium iam ap-south-1 Ensure IAM policies that allow full "*:*" administrative privileges are not created fugo-rds-db-backup-s3-policy Ensure IAM policies that allow full "*:*" administrative privileges are not created iam_policy_no_administrative_privileges Policy fugo-rds-db-backup-s3-policy does not allow '*:*' administrative privileges

IAM policies are the means by which privileges are granted to users; groups; or roles. It is recommended and considered a standard security advice to grant least privilege—that is; granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks instead of allowing full administrative privileges. Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.

It is more secure to start with a minimum set of permissions and grant additional permissions as necessary; rather than starting with permissions that are too lenient and then trying to tighten them later. List policies an analyze if permissions are the least possible to conduct business activities.

FAIL critical iam ap-south-1 Ensure hardware MFA is enabled for the root account root Ensure hardware MFA is enabled for the root account iam_root_hardware_mfa_enabled MFA is not enabled for root account.

The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2 it is recommended that the root account be protected with a hardware MFA.

Using IAM console navigate to Dashboard and expand Activate MFA on your root account.

FAIL critical iam ap-south-1 Ensure MFA is enabled for the root account <root_account> Ensure MFA is enabled for the root account iam_root_mfa_enabled MFA is not enabled for root account.

The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled when a user signs in to an AWS website they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. When virtual MFA is used for root accounts it is recommended that the device used is NOT a personal device but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. (non-personal virtual MFA) This lessens the risks of losing access to the MFA due to device loss / trade-in or if the individual owning the device is no longer employed at the company.

Using IAM console navigate to Dashboard and expand Activate MFA on your root account.

FAIL medium iam ap-south-1 Ensure access keys are rotated every 90 days or less <root_account> Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User <root_account> has not rotated access key 1 in over 90 days (370 days).

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

FAIL medium iam ap-south-1 Ensure access keys are rotated every 90 days or less fugo-docs Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User fugo-docs has not rotated access key 1 in over 90 days (765 days).

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less fugo-rds-db-backup-s3-access Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User fugo-rds-db-backup-s3-access has access keys not older than 90 days.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less fugostaging_S3_Access Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User fugostaging_S3_Access has access keys not older than 90 days.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less haritha.e@avanzegroup.com Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User haritha.e@avanzegroup.com has access keys not older than 90 days.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less jaganmohana Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User jaganmohana has not access keys.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less Niresh.raj Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User Niresh.raj has access keys not older than 90 days.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less prakash_k@fugocreative.com Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User prakash_k@fugocreative.com has not access keys.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less sujith.kumar@avanzegroup.com Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User sujith.kumar@avanzegroup.com has access keys not older than 90 days.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less sukanya.baasavaraj@avanzegroup.com Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User sukanya.baasavaraj@avanzegroup.com has access keys not older than 90 days.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less v.vysakh@devopspace.com Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User v.vysakh@devopspace.com has access keys not older than 90 days.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure access keys are rotated every 90 days or less vysakh-s3-keys Ensure access keys are rotated every 90 days or less iam_rotate_access_key_90_days User vysakh-s3-keys has access keys not older than 90 days.

Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI)- Tools for Windows PowerShell- the AWS SDKs- or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.

Use the credential report to ensure access_key_X_last_rotated is less than 90 days ago.

PASS medium iam ap-south-1 Ensure a support role has been created to manage incidents with AWS Support AWSSupportServiceRolePolicy Ensure a support role has been created to manage incidents with AWS Support iam_support_role_created Support policy attached to role AWSServiceRoleForSupport

AWS provides a support center that can be used for incident notification and response; as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.

Create an IAM role for managing incidents with AWS.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. fugo-docs Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User fugo-docs has not any type of MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. fugo-rds-db-backup-s3-access Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User fugo-rds-db-backup-s3-access has not any type of MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. fugostaging_S3_Access Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User fugostaging_S3_Access has not any type of MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. haritha.e@avanzegroup.com Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User haritha.e@avanzegroup.com has a virtual MFA instead of a hardware MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. jaganmohana Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User jaganmohana has a virtual MFA instead of a hardware MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. Niresh.raj Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User Niresh.raj has a virtual MFA instead of a hardware MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. prakash_k@fugocreative.com Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User prakash_k@fugocreative.com has not any type of MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. sujith.kumar@avanzegroup.com Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User sujith.kumar@avanzegroup.com has a virtual MFA instead of a hardware MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. sukanya.baasavaraj@avanzegroup.com Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User sukanya.baasavaraj@avanzegroup.com has a virtual MFA instead of a hardware MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. v.vysakh@devopspace.com Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User v.vysakh@devopspace.com has not any type of MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

FAIL medium iam ap-south-1 Check if IAM users have Hardware MFA enabled. vysakh-s3-keys Check if IAM users have Hardware MFA enabled. iam_user_hardware_mfa_enabled User vysakh-s3-keys has not any type of MFA enabled.

Hardware MFA is preferred over virtual MFA.

Enable hardware MFA device for an IAM user from the AWS Management Console; the command line; or the IAM API.

PASS high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. <root_account> Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User <root_account> has not Console Password enabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

FAIL high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. fugo-docs Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User fugo-docs has Console Password enabled but MFA disabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

FAIL high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. fugo-rds-db-backup-s3-access Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User fugo-rds-db-backup-s3-access has Console Password enabled but MFA disabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

FAIL high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. fugostaging_S3_Access Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User fugostaging_S3_Access has Console Password enabled but MFA disabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

PASS high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. haritha.e@avanzegroup.com Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User haritha.e@avanzegroup.com has Console Password enabled and MFA enabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

PASS high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. jaganmohana Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User jaganmohana has Console Password enabled and MFA enabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

PASS high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. Niresh.raj Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User Niresh.raj has Console Password enabled and MFA enabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

FAIL high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. prakash_k@fugocreative.com Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User prakash_k@fugocreative.com has Console Password enabled but MFA disabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

PASS high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. sujith.kumar@avanzegroup.com Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User sujith.kumar@avanzegroup.com has Console Password enabled and MFA enabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

PASS high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. sukanya.baasavaraj@avanzegroup.com Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User sukanya.baasavaraj@avanzegroup.com has Console Password enabled and MFA enabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

FAIL high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. v.vysakh@devopspace.com Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User v.vysakh@devopspace.com has Console Password enabled but MFA disabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

FAIL high iam ap-south-1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. vysakh-s3-keys Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password. iam_user_mfa_enabled_console_access User vysakh-s3-keys has Console Password enabled but MFA disabled.

Unauthorized access to this critical account if password is not secure or it is disclosed in any way.

Enable MFA for users account. MFA is a simple best practice that adds an extra layer of protection on top of your user name and password. Recommended to use hardware keys over virtual MFA.

PASS medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password <root_account> Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User <root_account> does not have access keys or uses the access keys configured

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

PASS medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password fugo-docs Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User fugo-docs does not have access keys or uses the access keys configured

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

PASS medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password fugo-rds-db-backup-s3-access Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User fugo-rds-db-backup-s3-access does not have access keys or uses the access keys configured

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

PASS medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password fugostaging_S3_Access Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User fugostaging_S3_Access does not have access keys or uses the access keys configured

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

FAIL medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password haritha.e@avanzegroup.com Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User haritha.e@avanzegroup.com has never used access key 1

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

PASS medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password jaganmohana Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User jaganmohana does not have access keys or uses the access keys configured

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

FAIL medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password Niresh.raj Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User Niresh.raj has never used access key 1

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

PASS medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password prakash_k@fugocreative.com Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User prakash_k@fugocreative.com does not have access keys or uses the access keys configured

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

FAIL medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password sujith.kumar@avanzegroup.com Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User sujith.kumar@avanzegroup.com has never used access key 1

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

FAIL medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password sukanya.baasavaraj@avanzegroup.com Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User sukanya.baasavaraj@avanzegroup.com has never used access key 1

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

FAIL medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password v.vysakh@devopspace.com Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User v.vysakh@devopspace.com has never used access key 1

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

PASS medium iam ap-south-1 Do not setup access keys during initial user setup for all IAM users that have a console password vysakh-s3-keys Do not setup access keys during initial user setup for all IAM users that have a console password iam_user_no_setup_initial_access_key User vysakh-s3-keys does not have access keys or uses the access keys configured

AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials; it also generates unnecessary management work in auditing and rotating these keys. Requiring that additional steps be taken by the user after their profile has been created will give a stronger indication of intent that access keys are (a) necessary for their work and (b) once the access key is established on an account that the keys may be in use somewhere in the organization.

From the IAM console: generate credential report and disable not required keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys <root_account> Check if IAM users have two active access keys iam_user_two_active_access_key User <root_account> has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

FAIL medium iam ap-south-1 Check if IAM users have two active access keys fugo-docs Check if IAM users have two active access keys iam_user_two_active_access_key User fugo-docs has 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys fugo-rds-db-backup-s3-access Check if IAM users have two active access keys iam_user_two_active_access_key User fugo-rds-db-backup-s3-access has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys fugostaging_S3_Access Check if IAM users have two active access keys iam_user_two_active_access_key User fugostaging_S3_Access has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys haritha.e@avanzegroup.com Check if IAM users have two active access keys iam_user_two_active_access_key User haritha.e@avanzegroup.com has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys jaganmohana Check if IAM users have two active access keys iam_user_two_active_access_key User jaganmohana has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys Niresh.raj Check if IAM users have two active access keys iam_user_two_active_access_key User Niresh.raj has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys prakash_k@fugocreative.com Check if IAM users have two active access keys iam_user_two_active_access_key User prakash_k@fugocreative.com has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys sujith.kumar@avanzegroup.com Check if IAM users have two active access keys iam_user_two_active_access_key User sujith.kumar@avanzegroup.com has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys sukanya.baasavaraj@avanzegroup.com Check if IAM users have two active access keys iam_user_two_active_access_key User sukanya.baasavaraj@avanzegroup.com has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys v.vysakh@devopspace.com Check if IAM users have two active access keys iam_user_two_active_access_key User v.vysakh@devopspace.com has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

PASS medium iam ap-south-1 Check if IAM users have two active access keys vysakh-s3-keys Check if IAM users have two active access keys iam_user_two_active_access_key User vysakh-s3-keys has not 2 active access keys.

Access Keys could be lost or stolen. It creates a critical risk.

Avoid using long lived access keys.

FAIL low macie ap-northeast-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie ap-northeast-2 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie ap-northeast-3 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie ap-south-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie ap-southeast-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie ap-southeast-2 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie ca-central-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie eu-central-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie eu-north-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie eu-west-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie eu-west-2 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie eu-west-3 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie sa-east-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie us-east-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie us-east-2 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie us-west-1 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

FAIL low macie us-west-2 Check if Amazon Macie is enabled. Macie Check if Amazon Macie is enabled. macie_is_enabled Macie is not enabled.

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor and protect your sensitive data in AWS.

Enable Amazon Macie and create appropriate jobs to discover sensitive data.

PASS medium rds ap-south-1 Check if RDS instances have backup enabled. fltitle-db Check if RDS instances have backup enabled. rds_instance_backup_enabled RDS Instance fltitle-db has backup enabled with retention period 7 days.

If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data.

Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach.

PASS medium rds ap-south-1 Check if RDS instances have backup enabled. fugo-knowfugo Check if RDS instances have backup enabled. rds_instance_backup_enabled RDS Instance fugo-knowfugo has backup enabled with retention period 7 days.

If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data.

Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach.

PASS medium rds ap-south-1 Check if RDS instances have backup enabled. fugoonetitle Check if RDS instances have backup enabled. rds_instance_backup_enabled RDS Instance fugoonetitle has backup enabled with retention period 7 days.

If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data.

Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach.

PASS medium rds ap-south-1 Check if RDS instances have backup enabled. fugo-prod-db Check if RDS instances have backup enabled. rds_instance_backup_enabled RDS Instance fugo-prod-db has backup enabled with retention period 7 days.

If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data.

Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach.

FAIL medium rds ap-south-1 Check if RDS instances have backup enabled. fugo-read-db Check if RDS instances have backup enabled. rds_instance_backup_enabled RDS Instance fugo-read-db has not backup enabled.

If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data.

Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach.

PASS medium rds ap-south-1 Check if RDS instances have backup enabled. fugo-stagingknowfugo Check if RDS instances have backup enabled. rds_instance_backup_enabled RDS Instance fugo-stagingknowfugo has backup enabled with retention period 7 days.

If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data.

Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach.

PASS medium rds ap-south-1 Check if RDS instances have backup enabled. new-dr-fugoone-db-21-12-2021 Check if RDS instances have backup enabled. rds_instance_backup_enabled RDS Instance new-dr-fugoone-db-21-12-2021 has backup enabled with retention period 7 days.

If backup is not enabled, data is vulnerable. Human error or bad actors could erase or modify data.

Enable automated backup for production data. Define a retention period and periodically test backup restoration. A Disaster Recovery process should be in place to govern Data Protection approach.

FAIL medium rds ap-south-1 Check if RDS instances have deletion protection enabled. fltitle-db Check if RDS instances have deletion protection enabled. rds_instance_deletion_protection RDS Instance fltitle-db deletion protection is not enabled.

You can only delete instances that do not have deletion protection enabled.

Enable deletion protection using the AWS Management Console for production DB instances.

FAIL medium rds ap-south-1 Check if RDS instances have deletion protection enabled. fugo-knowfugo Check if RDS instances have deletion protection enabled. rds_instance_deletion_protection RDS Instance fugo-knowfugo deletion protection is not enabled.

You can only delete instances that do not have deletion protection enabled.

Enable deletion protection using the AWS Management Console for production DB instances.

FAIL medium rds ap-south-1 Check if RDS instances have deletion protection enabled. fugoonetitle Check if RDS instances have deletion protection enabled. rds_instance_deletion_protection RDS Instance fugoonetitle deletion protection is not enabled.

You can only delete instances that do not have deletion protection enabled.

Enable deletion protection using the AWS Management Console for production DB instances.

PASS medium rds ap-south-1 Check if RDS instances have deletion protection enabled. fugo-prod-db Check if RDS instances have deletion protection enabled. rds_instance_deletion_protection RDS Instance fugo-prod-db deletion protection is enabled.

You can only delete instances that do not have deletion protection enabled.

Enable deletion protection using the AWS Management Console for production DB instances.

PASS medium rds ap-south-1 Check if RDS instances have deletion protection enabled. fugo-read-db Check if RDS instances have deletion protection enabled. rds_instance_deletion_protection RDS Instance fugo-read-db deletion protection is enabled.

You can only delete instances that do not have deletion protection enabled.

Enable deletion protection using the AWS Management Console for production DB instances.

FAIL medium rds ap-south-1 Check if RDS instances have deletion protection enabled. fugo-stagingknowfugo Check if RDS instances have deletion protection enabled. rds_instance_deletion_protection RDS Instance fugo-stagingknowfugo deletion protection is not enabled.

You can only delete instances that do not have deletion protection enabled.

Enable deletion protection using the AWS Management Console for production DB instances.

FAIL medium rds ap-south-1 Check if RDS instances have deletion protection enabled. new-dr-fugoone-db-21-12-2021 Check if RDS instances have deletion protection enabled. rds_instance_deletion_protection RDS Instance new-dr-fugoone-db-21-12-2021 deletion protection is not enabled.

You can only delete instances that do not have deletion protection enabled.

Enable deletion protection using the AWS Management Console for production DB instances.

FAIL low rds ap-south-1 Check if RDS instances has enhanced monitoring enabled. fltitle-db Check if RDS instances has enhanced monitoring enabled. rds_instance_enhanced_monitoring_enabled RDS Instance fltitle-db does not have enhanced monitoring enabled.

A smaller monitoring interval results in more frequent reporting of OS metrics.

To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring.

FAIL low rds ap-south-1 Check if RDS instances has enhanced monitoring enabled. fugo-knowfugo Check if RDS instances has enhanced monitoring enabled. rds_instance_enhanced_monitoring_enabled RDS Instance fugo-knowfugo does not have enhanced monitoring enabled.

A smaller monitoring interval results in more frequent reporting of OS metrics.

To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring.

FAIL low rds ap-south-1 Check if RDS instances has enhanced monitoring enabled. fugoonetitle Check if RDS instances has enhanced monitoring enabled. rds_instance_enhanced_monitoring_enabled RDS Instance fugoonetitle does not have enhanced monitoring enabled.

A smaller monitoring interval results in more frequent reporting of OS metrics.

To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring.

PASS low rds ap-south-1 Check if RDS instances has enhanced monitoring enabled. fugo-prod-db Check if RDS instances has enhanced monitoring enabled. rds_instance_enhanced_monitoring_enabled RDS Instance fugo-prod-db has enhanced monitoring enabled.

A smaller monitoring interval results in more frequent reporting of OS metrics.

To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring.

FAIL low rds ap-south-1 Check if RDS instances has enhanced monitoring enabled. fugo-read-db Check if RDS instances has enhanced monitoring enabled. rds_instance_enhanced_monitoring_enabled RDS Instance fugo-read-db does not have enhanced monitoring enabled.

A smaller monitoring interval results in more frequent reporting of OS metrics.

To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring.

FAIL low rds ap-south-1 Check if RDS instances has enhanced monitoring enabled. fugo-stagingknowfugo Check if RDS instances has enhanced monitoring enabled. rds_instance_enhanced_monitoring_enabled RDS Instance fugo-stagingknowfugo does not have enhanced monitoring enabled.

A smaller monitoring interval results in more frequent reporting of OS metrics.

To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring.

FAIL low rds ap-south-1 Check if RDS instances has enhanced monitoring enabled. new-dr-fugoone-db-21-12-2021 Check if RDS instances has enhanced monitoring enabled. rds_instance_enhanced_monitoring_enabled RDS Instance new-dr-fugoone-db-21-12-2021 does not have enhanced monitoring enabled.

A smaller monitoring interval results in more frequent reporting of OS metrics.

To use Enhanced Monitoring, you must create an IAM role; and then enable Enhanced Monitoring.

FAIL medium rds ap-south-1 Check if RDS instances is integrated with CloudWatch Logs. fltitle-db Check if RDS instances is integrated with CloudWatch Logs. rds_instance_integration_cloudwatch_logs RDS Instance fltitle-db does not have CloudWatch Logs enabled.

If logs are not enabled, monitoring of service use and threat analysis is not possible.

Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics.

FAIL medium rds ap-south-1 Check if RDS instances is integrated with CloudWatch Logs. fugo-knowfugo Check if RDS instances is integrated with CloudWatch Logs. rds_instance_integration_cloudwatch_logs RDS Instance fugo-knowfugo does not have CloudWatch Logs enabled.

If logs are not enabled, monitoring of service use and threat analysis is not possible.

Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics.

FAIL medium rds ap-south-1 Check if RDS instances is integrated with CloudWatch Logs. fugoonetitle Check if RDS instances is integrated with CloudWatch Logs. rds_instance_integration_cloudwatch_logs RDS Instance fugoonetitle does not have CloudWatch Logs enabled.

If logs are not enabled, monitoring of service use and threat analysis is not possible.

Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics.

PASS medium rds ap-south-1 Check if RDS instances is integrated with CloudWatch Logs. fugo-prod-db Check if RDS instances is integrated with CloudWatch Logs. rds_instance_integration_cloudwatch_logs RDS Instance fugo-prod-db is shipping audit error general slowquery to CloudWatch Logs.

If logs are not enabled, monitoring of service use and threat analysis is not possible.

Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics.

PASS medium rds ap-south-1 Check if RDS instances is integrated with CloudWatch Logs. fugo-read-db Check if RDS instances is integrated with CloudWatch Logs. rds_instance_integration_cloudwatch_logs RDS Instance fugo-read-db is shipping audit error general slowquery to CloudWatch Logs.

If logs are not enabled, monitoring of service use and threat analysis is not possible.

Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics.

FAIL medium rds ap-south-1 Check if RDS instances is integrated with CloudWatch Logs. fugo-stagingknowfugo Check if RDS instances is integrated with CloudWatch Logs. rds_instance_integration_cloudwatch_logs RDS Instance fugo-stagingknowfugo does not have CloudWatch Logs enabled.

If logs are not enabled, monitoring of service use and threat analysis is not possible.

Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics.

FAIL medium rds ap-south-1 Check if RDS instances is integrated with CloudWatch Logs. new-dr-fugoone-db-21-12-2021 Check if RDS instances is integrated with CloudWatch Logs. rds_instance_integration_cloudwatch_logs RDS Instance new-dr-fugoone-db-21-12-2021 does not have CloudWatch Logs enabled.

If logs are not enabled, monitoring of service use and threat analysis is not possible.

Use CloudWatch Logs to perform real-time analysis of the log data. Create alarms and view metrics.

PASS low rds ap-south-1 Ensure RDS instances have minor version upgrade enabled. fltitle-db Ensure RDS instances have minor version upgrade enabled. rds_instance_minor_version_upgrade_enabled RDS Instance fltitle-db has minor version upgrade enabled.

Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.

Enable auto minor version upgrade for all databases and environments.

PASS low rds ap-south-1 Ensure RDS instances have minor version upgrade enabled. fugo-knowfugo Ensure RDS instances have minor version upgrade enabled. rds_instance_minor_version_upgrade_enabled RDS Instance fugo-knowfugo has minor version upgrade enabled.

Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.

Enable auto minor version upgrade for all databases and environments.

PASS low rds ap-south-1 Ensure RDS instances have minor version upgrade enabled. fugoonetitle Ensure RDS instances have minor version upgrade enabled. rds_instance_minor_version_upgrade_enabled RDS Instance fugoonetitle has minor version upgrade enabled.

Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.

Enable auto minor version upgrade for all databases and environments.

PASS low rds ap-south-1 Ensure RDS instances have minor version upgrade enabled. fugo-prod-db Ensure RDS instances have minor version upgrade enabled. rds_instance_minor_version_upgrade_enabled RDS Instance fugo-prod-db has minor version upgrade enabled.

Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.

Enable auto minor version upgrade for all databases and environments.

PASS low rds ap-south-1 Ensure RDS instances have minor version upgrade enabled. fugo-read-db Ensure RDS instances have minor version upgrade enabled. rds_instance_minor_version_upgrade_enabled RDS Instance fugo-read-db has minor version upgrade enabled.

Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.

Enable auto minor version upgrade for all databases and environments.

PASS low rds ap-south-1 Ensure RDS instances have minor version upgrade enabled. fugo-stagingknowfugo Ensure RDS instances have minor version upgrade enabled. rds_instance_minor_version_upgrade_enabled RDS Instance fugo-stagingknowfugo has minor version upgrade enabled.

Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.

Enable auto minor version upgrade for all databases and environments.

PASS low rds ap-south-1 Ensure RDS instances have minor version upgrade enabled. new-dr-fugoone-db-21-12-2021 Ensure RDS instances have minor version upgrade enabled. rds_instance_minor_version_upgrade_enabled RDS Instance new-dr-fugoone-db-21-12-2021 has minor version upgrade enabled.

Auto Minor Version Upgrade is a feature that you can enable to have your database automatically upgraded when a new minor database engine version is available. Minor version upgrades often patch security vulnerabilities and fix bugs and therefore should be applied.

Enable auto minor version upgrade for all databases and environments.

FAIL medium rds ap-south-1 Check if RDS instances have multi-AZ enabled. fltitle-db Check if RDS instances have multi-AZ enabled. rds_instance_multi_az RDS Instance fltitle-db does not have multi-AZ enabled.

In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone.

Enable multi-AZ deployment for production databases.

FAIL medium rds ap-south-1 Check if RDS instances have multi-AZ enabled. fugo-knowfugo Check if RDS instances have multi-AZ enabled. rds_instance_multi_az RDS Instance fugo-knowfugo does not have multi-AZ enabled.

In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone.

Enable multi-AZ deployment for production databases.

FAIL medium rds ap-south-1 Check if RDS instances have multi-AZ enabled. fugoonetitle Check if RDS instances have multi-AZ enabled. rds_instance_multi_az RDS Instance fugoonetitle does not have multi-AZ enabled.

In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone.

Enable multi-AZ deployment for production databases.

PASS medium rds ap-south-1 Check if RDS instances have multi-AZ enabled. fugo-prod-db Check if RDS instances have multi-AZ enabled. rds_instance_multi_az RDS Instance fugo-prod-db has multi-AZ enabled.

In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone.

Enable multi-AZ deployment for production databases.

FAIL medium rds ap-south-1 Check if RDS instances have multi-AZ enabled. fugo-read-db Check if RDS instances have multi-AZ enabled. rds_instance_multi_az RDS Instance fugo-read-db does not have multi-AZ enabled.

In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone.

Enable multi-AZ deployment for production databases.

FAIL medium rds ap-south-1 Check if RDS instances have multi-AZ enabled. fugo-stagingknowfugo Check if RDS instances have multi-AZ enabled. rds_instance_multi_az RDS Instance fugo-stagingknowfugo does not have multi-AZ enabled.

In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone.

Enable multi-AZ deployment for production databases.

FAIL medium rds ap-south-1 Check if RDS instances have multi-AZ enabled. new-dr-fugoone-db-21-12-2021 Check if RDS instances have multi-AZ enabled. rds_instance_multi_az RDS Instance new-dr-fugoone-db-21-12-2021 does not have multi-AZ enabled.

In case of failure, with a single-AZ deployment configuration, should an availability zone specific database failure occur, Amazon RDS can not automatically fail over to the standby availability zone.

Enable multi-AZ deployment for production databases.

PASS critical rds ap-south-1 Ensure there are no Public Accessible RDS instances. fltitle-db Ensure there are no Public Accessible RDS instances. rds_instance_no_public_access RDS Instance fltitle-db is not Publicly Accessible.

Publicly accessible databases could expose sensitive data to bad actors.

Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it.

PASS critical rds ap-south-1 Ensure there are no Public Accessible RDS instances. fugo-knowfugo Ensure there are no Public Accessible RDS instances. rds_instance_no_public_access RDS Instance fugo-knowfugo is not Publicly Accessible.

Publicly accessible databases could expose sensitive data to bad actors.

Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it.

PASS critical rds ap-south-1 Ensure there are no Public Accessible RDS instances. fugoonetitle Ensure there are no Public Accessible RDS instances. rds_instance_no_public_access RDS Instance fugoonetitle is not Publicly Accessible.

Publicly accessible databases could expose sensitive data to bad actors.

Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it.

PASS critical rds ap-south-1 Ensure there are no Public Accessible RDS instances. fugo-prod-db Ensure there are no Public Accessible RDS instances. rds_instance_no_public_access RDS Instance fugo-prod-db is not Publicly Accessible.

Publicly accessible databases could expose sensitive data to bad actors.

Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it.

PASS critical rds ap-south-1 Ensure there are no Public Accessible RDS instances. fugo-read-db Ensure there are no Public Accessible RDS instances. rds_instance_no_public_access RDS Instance fugo-read-db is not Publicly Accessible.

Publicly accessible databases could expose sensitive data to bad actors.

Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it.

PASS critical rds ap-south-1 Ensure there are no Public Accessible RDS instances. fugo-stagingknowfugo Ensure there are no Public Accessible RDS instances. rds_instance_no_public_access RDS Instance fugo-stagingknowfugo is not Publicly Accessible.

Publicly accessible databases could expose sensitive data to bad actors.

Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it.

PASS critical rds ap-south-1 Ensure there are no Public Accessible RDS instances. new-dr-fugoone-db-21-12-2021 Ensure there are no Public Accessible RDS instances. rds_instance_no_public_access RDS Instance new-dr-fugoone-db-21-12-2021 is not Publicly Accessible.

Publicly accessible databases could expose sensitive data to bad actors.

Using an AWS Config rule check for RDS public instances periodically and check there is a business reason for it.

PASS medium rds ap-south-1 Check if RDS instances storage is encrypted. fltitle-db Check if RDS instances storage is encrypted. rds_instance_storage_encrypted RDS Instance fltitle-db is encrypted.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

PASS medium rds ap-south-1 Check if RDS instances storage is encrypted. fugo-knowfugo Check if RDS instances storage is encrypted. rds_instance_storage_encrypted RDS Instance fugo-knowfugo is encrypted.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

PASS medium rds ap-south-1 Check if RDS instances storage is encrypted. fugoonetitle Check if RDS instances storage is encrypted. rds_instance_storage_encrypted RDS Instance fugoonetitle is encrypted.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

PASS medium rds ap-south-1 Check if RDS instances storage is encrypted. fugo-prod-db Check if RDS instances storage is encrypted. rds_instance_storage_encrypted RDS Instance fugo-prod-db is encrypted.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

PASS medium rds ap-south-1 Check if RDS instances storage is encrypted. fugo-read-db Check if RDS instances storage is encrypted. rds_instance_storage_encrypted RDS Instance fugo-read-db is encrypted.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

PASS medium rds ap-south-1 Check if RDS instances storage is encrypted. fugo-stagingknowfugo Check if RDS instances storage is encrypted. rds_instance_storage_encrypted RDS Instance fugo-stagingknowfugo is encrypted.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

PASS medium rds ap-south-1 Check if RDS instances storage is encrypted. new-dr-fugoone-db-21-12-2021 Check if RDS instances storage is encrypted. rds_instance_storage_encrypted RDS Instance new-dr-fugoone-db-21-12-2021 is encrypted.

If not enabled sensitive information at rest is not protected.

Enable Encryption. Use a CMK where possible. It will provide additional management and privacy benefits.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. demo-audit-rds-before-deletion Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot demo-audit-rds-before-deletion is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. demo-audit-rds-final-snapshot Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot demo-audit-rds-final-snapshot is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. demo-audit-snap Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot demo-audit-snap is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. demo-fugoone-com-db Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot demo-fugoone-com-db is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. demo-fugoone-com-db-snapshot-23-12-2022 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot demo-fugoone-com-db-snapshot-23-12-2022 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. dr-fugo-db-21-12-2022 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot dr-fugo-db-21-12-2022 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. dr-fugo-db-snapshot-23-12-2022 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot dr-fugo-db-snapshot-23-12-2022 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. feb-100-snapshot-before-changing-the-instance-size Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot feb-100-snapshot-before-changing-the-instance-size is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fltitle-db-10-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fltitle-db-10-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-new-demo-16042020 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-new-demo-16042020 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-new-demo-16042020-snapshot-23-12-2022 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-new-demo-16042020-snapshot-23-12-2022 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-prod-02-02-22 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-prod-02-02-22 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-prod-for-demo-fugoone Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-prod-for-demo-fugoone is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-prod-rds-snapshot Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-prod-rds-snapshot is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-prod-snap-17-12-2019 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-prod-snap-17-12-2019 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-prod-snapshot-10-07-2021 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-prod-snapshot-10-07-2021 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-staging-db Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-staging-db is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-staging-db-snapshot-23-12-2022 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-staging-db-snapshot-23-12-2022 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-stagingknowfugo Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-stagingknowfugo is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-test-db Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-test-db is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-test-db-snapshot-23-12-2022 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot fugo-test-db-snapshot-23-12-2022 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. instance-upgrade-db Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot instance-upgrade-db is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. july27 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot july27 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. march7-maintainence-production-db Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot march7-maintainence-production-db is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. march7-maintainence-production-db-readonly Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot march7-maintainence-production-db-readonly is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. new-audit-rds-before-deletion Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot new-audit-rds-before-deletion is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. new-audit-rds-final-snapshot Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot new-audit-rds-final-snapshot is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. new-demo-db-10-07-21 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot new-demo-db-10-07-21 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. new-demo-db-10-07-21-snapshot-23-12-2022 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot new-demo-db-10-07-21-snapshot-23-12-2022 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. new-demo-fugo Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot new-demo-fugo is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. new-demo-fugoone-com-june Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot new-demo-fugoone-com-june is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. new-demo-fugoone-com-june-snapshot-23-12-2022 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot new-demo-fugoone-com-june-snapshot-23-12-2022 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. new-fugoone-db-21-12-2021 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot new-fugoone-db-21-12-2021 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. prod-db-before-changing-timezone Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot prod-db-before-changing-timezone is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-01-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-01-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-02-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-02-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-03-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-03-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-04-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-04-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-05-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-05-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-06-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-06-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-07-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-07-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-15-19-11 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-15-19-11 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-20-08-52 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-20-08-52 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fltitle-db-2022-12-23-08-27 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fltitle-db-2022-12-23-08-27 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-01-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-01-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-02-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-02-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-03-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-03-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-04-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-04-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-05-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-05-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-06-20-07 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-06-20-07 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-07-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-07-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-16-13-44 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-16-13-44 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-20-09-02 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-20-09-02 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-knowfugo-2022-12-23-08-27 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-knowfugo-2022-12-23-08-27 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-09-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-09-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-10-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-10-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-11-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-11-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-12-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-12-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-13-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-13-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-14-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-14-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-15-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-15-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-20-11-51 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-20-11-51 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-22-11-51 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-22-11-51 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugoonetitle-2022-12-22-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugoonetitle-2022-12-22-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-db-2022-12-21-20-07 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-db-2022-12-21-20-07 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-db-2022-12-22-20-07 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-db-2022-12-22-20-07 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-db-2022-12-23-20-07 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-db-2022-12-23-20-07 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-db-2022-12-24-20-08 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-db-2022-12-24-20-08 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-db-2022-12-25-20-07 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-db-2022-12-25-20-07 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-db-2022-12-26-20-07 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-db-2022-12-26-20-07 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-db-2022-12-27-20-08 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-db-2022-12-27-20-08 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-db-2022-12-28-20-07 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-db-2022-12-28-20-07 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-rds-2022-12-23-12-09 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-rds-2022-12-23-12-09 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-rds-2022-12-23-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-rds-2022-12-23-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-prod-rds-2022-12-24-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-prod-rds-2022-12-24-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-11-30-19-58 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-11-30-19-58 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-01-19-58 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-01-19-58 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-02-19-58 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-02-19-58 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-03-19-58 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-03-19-58 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-04-19-58 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-04-19-58 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-12-13-44 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-12-13-44 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-12-19-58 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-12-19-58 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-13-19-59 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-13-19-59 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-14-19-59 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-14-19-59 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-20-12-55 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-20-12-55 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:fugo-stagingknowfugo-2022-12-23-08-31 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:fugo-stagingknowfugo-2022-12-23-08-31 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-15-20-04 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-15-20-04 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-20-12-31 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-20-12-31 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-20-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-20-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-21-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-21-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-22-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-22-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-23-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-23-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-24-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-24-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-25-20-05 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-25-20-05 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-28-09-33 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-28-09-33 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. rds:new-dr-fugoone-db-21-12-2021-2022-12-28-20-06 Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot rds:new-dr-fugoone-db-21-12-2021-2022-12-28-20-06 is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. test-drill-db-before-deletion Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot test-drill-db-before-deletion is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. test-drill-db-final-snapshot Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Instance Snapshot test-drill-db-final-snapshot is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-prod-db-final-snapshot Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Cluster Snapshot fugo-prod-db-final-snapshot is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS critical rds ap-south-1 Check if RDS Snapshots and Cluster Snapshots are public. fugo-production-db-instance-1-ap-south-1b-final-snapshot Check if RDS Snapshots and Cluster Snapshots are public. rds_snapshots_public_access RDS Cluster Snapshot fugo-production-db-instance-1-ap-south-1b-final-snapshot is not shared.

Publicly accessible services could expose sensitive data to bad actors. t is recommended that your RDS snapshots should not be public in order to prevent potential leak or misuse of sensitive data or any other kind of security threat. If your RDS snapshot is public, then the data which is backed up in that snapshot is accessible to all other AWS accounts.

Use AWS Config to identify any snapshot that is public.

PASS medium route53 us-east-1 Enable Privacy Protection for for a Route53 Domain. fugoams.com Enable Privacy Protection for for a Route53 Domain. route53_domains_privacy_protection_enabled Contact information is private for the fugoams.com domain

Without privacy protection enabled, ones personal information is published to the public WHOIS database.

Ensure default Privacy is enabled.

PASS medium route53 us-east-1 Enable Privacy Protection for for a Route53 Domain. fugoone.com Enable Privacy Protection for for a Route53 Domain. route53_domains_privacy_protection_enabled Contact information is private for the fugoone.com domain

Without privacy protection enabled, ones personal information is published to the public WHOIS database.

Ensure default Privacy is enabled.

PASS medium route53 us-east-1 Enable Privacy Protection for for a Route53 Domain. fugotitlehub.com Enable Privacy Protection for for a Route53 Domain. route53_domains_privacy_protection_enabled Contact information is private for the fugotitlehub.com domain

Without privacy protection enabled, ones personal information is published to the public WHOIS database.

Ensure default Privacy is enabled.

FAIL medium route53 us-east-1 Enable Transfer Lock for a Route53 Domain. fugoams.com Enable Transfer Lock for a Route53 Domain. route53_domains_transferlock_enabled Transfer Lock is disabled for the fugoams.com domain

Without transfer lock enabled; a domain name could be incorrectly moved to a new registrar.

Ensure transfer lock is enabled.

FAIL medium route53 us-east-1 Enable Transfer Lock for a Route53 Domain. fugoone.com Enable Transfer Lock for a Route53 Domain. route53_domains_transferlock_enabled Transfer Lock is disabled for the fugoone.com domain

Without transfer lock enabled; a domain name could be incorrectly moved to a new registrar.

Ensure transfer lock is enabled.

FAIL medium route53 us-east-1 Enable Transfer Lock for a Route53 Domain. fugotitlehub.com Enable Transfer Lock for a Route53 Domain. route53_domains_transferlock_enabled Transfer Lock is disabled for the fugotitlehub.com domain

Without transfer lock enabled; a domain name could be incorrectly moved to a new registrar.

Ensure transfer lock is enabled.

FAIL medium route53 ap-south-1 Check if Route53 public hosted zones are logging queries to CloudWatch Logs. Z1WWBJXPILX7PR Check if Route53 public hosted zones are logging queries to CloudWatch Logs. route53_public_hosted_zones_cloudwatch_logging_enabled Route53 Public Hosted Zone Z1WWBJXPILX7PR has query logging disabled

If logs are not enabled; monitoring of service use and threat analysis is not possible.

Enable CloudWatch logs and define metrics and uses cases for the events recorded.

FAIL high s3 ap-south-1 Check S3 Account Level Public Access Block. 207592916039 Check S3 Account Level Public Access Block. s3_account_level_public_access_blocks Block Public Access is not configured for the account 207592916039.

Public access policies may be applied to sensitive data buckets.

You can enable Public Access Block at the account level to prevent the exposure of your data stored in S3.

PASS medium s3 ap-south-1 Check if S3 buckets have ACLs enabled dr-fugoone-281222 Check if S3 buckets have ACLs enabled s3_bucket_acl_prohibited S3 Bucket dr-fugoone-281222 has bucket ACLs disabled.

S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.

Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.

FAIL medium s3 ap-south-1 Check if S3 buckets have ACLs enabled fugo-config Check if S3 buckets have ACLs enabled s3_bucket_acl_prohibited S3 Bucket fugo-config has bucket ACLs enabled.

S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.

Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.

FAIL medium s3 ap-south-1 Check if S3 buckets have ACLs enabled fugo-doc Check if S3 buckets have ACLs enabled s3_bucket_acl_prohibited S3 Bucket fugo-doc has bucket ACLs enabled.

S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.

Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.

PASS medium s3 ap-south-1 Check if S3 buckets have ACLs enabled fugo-rds-db-backup Check if S3 buckets have ACLs enabled s3_bucket_acl_prohibited S3 Bucket fugo-rds-db-backup has bucket ACLs disabled.

S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.

Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.

FAIL medium s3 ap-south-1 Check if S3 buckets have ACLs enabled fugologs Check if S3 buckets have ACLs enabled s3_bucket_acl_prohibited S3 Bucket fugologs has bucket ACLs enabled.

S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.

Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.

PASS medium s3 ap-south-1 Check if S3 buckets have ACLs enabled fugostaging Check if S3 buckets have ACLs enabled s3_bucket_acl_prohibited S3 Bucket fugostaging has bucket ACLs disabled.

S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.

Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.

FAIL medium s3 us-east-1 Check if S3 buckets have ACLs enabled cf-templates-1ip9vfxtvbz1u-us-east-1 Check if S3 buckets have ACLs enabled s3_bucket_acl_prohibited S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has bucket ACLs enabled.

S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.

Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.

FAIL medium s3 us-west-2 Check if S3 buckets have ACLs enabled war-nops-207592916039 Check if S3 buckets have ACLs enabled s3_bucket_acl_prohibited S3 Bucket war-nops-207592916039 has bucket ACLs enabled.

S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.

Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.

FAIL medium s3 us-west-2 Check if S3 buckets have ACLs enabled warcost Check if S3 buckets have ACLs enabled s3_bucket_acl_prohibited S3 Bucket warcost has bucket ACLs enabled.

S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.

Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.

FAIL medium s3 ap-south-1 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. dr-fugoone-281222 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. s3_bucket_default_encryption Server Side Encryption is not configured for S3 Bucket dr-fugoone-281222.

Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.

Ensure that S3 buckets has encryption at rest enabled.

FAIL medium s3 ap-south-1 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. fugo-config Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. s3_bucket_default_encryption Server Side Encryption is not configured for S3 Bucket fugo-config.

Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.

Ensure that S3 buckets has encryption at rest enabled.

PASS medium s3 ap-south-1 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. fugo-doc Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. s3_bucket_default_encryption S3 Bucket fugo-doc has Server Side Encryption with AES256.

Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.

Ensure that S3 buckets has encryption at rest enabled.

FAIL medium s3 ap-south-1 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. fugo-rds-db-backup Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. s3_bucket_default_encryption Server Side Encryption is not configured for S3 Bucket fugo-rds-db-backup.

Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.

Ensure that S3 buckets has encryption at rest enabled.

PASS medium s3 ap-south-1 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. fugologs Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. s3_bucket_default_encryption S3 Bucket fugologs has Server Side Encryption with AES256.

Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.

Ensure that S3 buckets has encryption at rest enabled.

FAIL medium s3 ap-south-1 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. fugostaging Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. s3_bucket_default_encryption Server Side Encryption is not configured for S3 Bucket fugostaging.

Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.

Ensure that S3 buckets has encryption at rest enabled.

PASS medium s3 us-east-1 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. cf-templates-1ip9vfxtvbz1u-us-east-1 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. s3_bucket_default_encryption S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has Server Side Encryption with AES256.

Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.

Ensure that S3 buckets has encryption at rest enabled.

PASS medium s3 us-west-2 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. war-nops-207592916039 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. s3_bucket_default_encryption S3 Bucket war-nops-207592916039 has Server Side Encryption with AES256.

Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.

Ensure that S3 buckets has encryption at rest enabled.

PASS medium s3 us-west-2 Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. warcost Check if S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it. s3_bucket_default_encryption S3 Bucket warcost has Server Side Encryption with AES256.

Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. This will ensure data-at-rest is encrypted.

Ensure that S3 buckets has encryption at rest enabled.

FAIL medium s3 ap-south-1 Check if S3 bucket MFA Delete is not enabled. dr-fugoone-281222 Check if S3 bucket MFA Delete is not enabled. s3_bucket_no_mfa_delete S3 Bucket dr-fugoone-281222 has MFA Delete disabled.

Your security credentials are compromised or unauthorized access is granted.

Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.

FAIL medium s3 ap-south-1 Check if S3 bucket MFA Delete is not enabled. fugo-config Check if S3 bucket MFA Delete is not enabled. s3_bucket_no_mfa_delete S3 Bucket fugo-config has MFA Delete disabled.

Your security credentials are compromised or unauthorized access is granted.

Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.

FAIL medium s3 ap-south-1 Check if S3 bucket MFA Delete is not enabled. fugo-doc Check if S3 bucket MFA Delete is not enabled. s3_bucket_no_mfa_delete S3 Bucket fugo-doc has MFA Delete disabled.

Your security credentials are compromised or unauthorized access is granted.

Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.

FAIL medium s3 ap-south-1 Check if S3 bucket MFA Delete is not enabled. fugo-rds-db-backup Check if S3 bucket MFA Delete is not enabled. s3_bucket_no_mfa_delete S3 Bucket fugo-rds-db-backup has MFA Delete disabled.

Your security credentials are compromised or unauthorized access is granted.

Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.

FAIL medium s3 ap-south-1 Check if S3 bucket MFA Delete is not enabled. fugologs Check if S3 bucket MFA Delete is not enabled. s3_bucket_no_mfa_delete S3 Bucket fugologs has MFA Delete disabled.

Your security credentials are compromised or unauthorized access is granted.

Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.

FAIL medium s3 ap-south-1 Check if S3 bucket MFA Delete is not enabled. fugostaging Check if S3 bucket MFA Delete is not enabled. s3_bucket_no_mfa_delete S3 Bucket fugostaging has MFA Delete disabled.

Your security credentials are compromised or unauthorized access is granted.

Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.

FAIL medium s3 us-east-1 Check if S3 bucket MFA Delete is not enabled. cf-templates-1ip9vfxtvbz1u-us-east-1 Check if S3 bucket MFA Delete is not enabled. s3_bucket_no_mfa_delete S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has MFA Delete disabled.

Your security credentials are compromised or unauthorized access is granted.

Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.

FAIL medium s3 us-west-2 Check if S3 bucket MFA Delete is not enabled. war-nops-207592916039 Check if S3 bucket MFA Delete is not enabled. s3_bucket_no_mfa_delete S3 Bucket war-nops-207592916039 has MFA Delete disabled.

Your security credentials are compromised or unauthorized access is granted.

Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.

FAIL medium s3 us-west-2 Check if S3 bucket MFA Delete is not enabled. warcost Check if S3 bucket MFA Delete is not enabled. s3_bucket_no_mfa_delete S3 Bucket warcost has MFA Delete disabled.

Your security credentials are compromised or unauthorized access is granted.

Adding MFA delete to an S3 bucket, requires additional authentication when you change the version state of your bucket or you delete and object version adding another layer of security in the event your security credentials are compromised or unauthorized access is granted.

FAIL medium s3 ap-south-1 Check if S3 buckets have object versioning enabled dr-fugoone-281222 Check if S3 buckets have object versioning enabled s3_bucket_object_versioning S3 Bucket dr-fugoone-281222 has versioning disabled.

With versioning, you can easily recover from both unintended user actions and application failures.

Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.

FAIL medium s3 ap-south-1 Check if S3 buckets have object versioning enabled fugo-config Check if S3 buckets have object versioning enabled s3_bucket_object_versioning S3 Bucket fugo-config has versioning disabled.

With versioning, you can easily recover from both unintended user actions and application failures.

Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.

FAIL medium s3 ap-south-1 Check if S3 buckets have object versioning enabled fugo-doc Check if S3 buckets have object versioning enabled s3_bucket_object_versioning S3 Bucket fugo-doc has versioning disabled.

With versioning, you can easily recover from both unintended user actions and application failures.

Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.

FAIL medium s3 ap-south-1 Check if S3 buckets have object versioning enabled fugo-rds-db-backup Check if S3 buckets have object versioning enabled s3_bucket_object_versioning S3 Bucket fugo-rds-db-backup has versioning disabled.

With versioning, you can easily recover from both unintended user actions and application failures.

Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.

PASS medium s3 ap-south-1 Check if S3 buckets have object versioning enabled fugologs Check if S3 buckets have object versioning enabled s3_bucket_object_versioning S3 Bucket fugologs has versioning enabled.

With versioning, you can easily recover from both unintended user actions and application failures.

Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.

FAIL medium s3 ap-south-1 Check if S3 buckets have object versioning enabled fugostaging Check if S3 buckets have object versioning enabled s3_bucket_object_versioning S3 Bucket fugostaging has versioning disabled.

With versioning, you can easily recover from both unintended user actions and application failures.

Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.

FAIL medium s3 us-east-1 Check if S3 buckets have object versioning enabled cf-templates-1ip9vfxtvbz1u-us-east-1 Check if S3 buckets have object versioning enabled s3_bucket_object_versioning S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has versioning disabled.

With versioning, you can easily recover from both unintended user actions and application failures.

Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.

FAIL medium s3 us-west-2 Check if S3 buckets have object versioning enabled war-nops-207592916039 Check if S3 buckets have object versioning enabled s3_bucket_object_versioning S3 Bucket war-nops-207592916039 has versioning disabled.

With versioning, you can easily recover from both unintended user actions and application failures.

Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.

FAIL medium s3 us-west-2 Check if S3 buckets have object versioning enabled warcost Check if S3 buckets have object versioning enabled s3_bucket_object_versioning S3 Bucket warcost has versioning disabled.

With versioning, you can easily recover from both unintended user actions and application failures.

Configure versioning using the Amazon console or API for buckets with sensitive information that is changing frecuently; and backup may not be enough to capture all the changes.

PASS critical s3 ap-south-1 Check if S3 buckets have policies which allow WRITE access. dr-fugoone-281222 Check if S3 buckets have policies which allow WRITE access. s3_bucket_policy_public_write_access S3 Bucket dr-fugoone-281222 does not have a bucket policy.

Non intended users can put objects in a given bucket.

Ensure proper bucket policy is in place with the least privilege principle applied.

PASS critical s3 ap-south-1 Check if S3 buckets have policies which allow WRITE access. fugo-config Check if S3 buckets have policies which allow WRITE access. s3_bucket_policy_public_write_access S3 Bucket fugo-config does not allow public write access in the bucket policy.

Non intended users can put objects in a given bucket.

Ensure proper bucket policy is in place with the least privilege principle applied.

PASS critical s3 ap-south-1 Check if S3 buckets have policies which allow WRITE access. fugo-doc Check if S3 buckets have policies which allow WRITE access. s3_bucket_policy_public_write_access S3 Bucket fugo-doc does not allow public write access in the bucket policy.

Non intended users can put objects in a given bucket.

Ensure proper bucket policy is in place with the least privilege principle applied.

PASS critical s3 ap-south-1 Check if S3 buckets have policies which allow WRITE access. fugo-rds-db-backup Check if S3 buckets have policies which allow WRITE access. s3_bucket_policy_public_write_access S3 Bucket fugo-rds-db-backup does not have a bucket policy.

Non intended users can put objects in a given bucket.

Ensure proper bucket policy is in place with the least privilege principle applied.

PASS critical s3 ap-south-1 Check if S3 buckets have policies which allow WRITE access. fugologs Check if S3 buckets have policies which allow WRITE access. s3_bucket_policy_public_write_access S3 Bucket fugologs does not allow public write access in the bucket policy.

Non intended users can put objects in a given bucket.

Ensure proper bucket policy is in place with the least privilege principle applied.

PASS critical s3 ap-south-1 Check if S3 buckets have policies which allow WRITE access. fugostaging Check if S3 buckets have policies which allow WRITE access. s3_bucket_policy_public_write_access S3 Bucket fugostaging does not have a bucket policy.

Non intended users can put objects in a given bucket.

Ensure proper bucket policy is in place with the least privilege principle applied.

PASS critical s3 us-east-1 Check if S3 buckets have policies which allow WRITE access. cf-templates-1ip9vfxtvbz1u-us-east-1 Check if S3 buckets have policies which allow WRITE access. s3_bucket_policy_public_write_access S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 does not have a bucket policy.

Non intended users can put objects in a given bucket.

Ensure proper bucket policy is in place with the least privilege principle applied.

PASS critical s3 us-west-2 Check if S3 buckets have policies which allow WRITE access. war-nops-207592916039 Check if S3 buckets have policies which allow WRITE access. s3_bucket_policy_public_write_access S3 Bucket war-nops-207592916039 does not allow public write access in the bucket policy.

Non intended users can put objects in a given bucket.

Ensure proper bucket policy is in place with the least privilege principle applied.

PASS critical s3 us-west-2 Check if S3 buckets have policies which allow WRITE access. warcost Check if S3 buckets have policies which allow WRITE access. s3_bucket_policy_public_write_access S3 Bucket warcost does not allow public write access in the bucket policy.

Non intended users can put objects in a given bucket.

Ensure proper bucket policy is in place with the least privilege principle applied.

PASS critical s3 ap-south-1 Ensure there are no S3 buckets open to Everyone or Any AWS user. dr-fugoone-281222 Ensure there are no S3 buckets open to Everyone or Any AWS user. s3_bucket_public_access S3 Bucket dr-fugoone-281222 is not public.

Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.

You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.

PASS critical s3 ap-south-1 Ensure there are no S3 buckets open to Everyone or Any AWS user. fugo-config Ensure there are no S3 buckets open to Everyone or Any AWS user. s3_bucket_public_access S3 Bucket fugo-config is not public.

Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.

You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.

PASS critical s3 ap-south-1 Ensure there are no S3 buckets open to Everyone or Any AWS user. fugo-doc Ensure there are no S3 buckets open to Everyone or Any AWS user. s3_bucket_public_access S3 Bucket fugo-doc is not public.

Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.

You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.

PASS critical s3 ap-south-1 Ensure there are no S3 buckets open to Everyone or Any AWS user. fugo-rds-db-backup Ensure there are no S3 buckets open to Everyone or Any AWS user. s3_bucket_public_access S3 Bucket fugo-rds-db-backup is not public.

Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.

You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.

PASS critical s3 ap-south-1 Ensure there are no S3 buckets open to Everyone or Any AWS user. fugologs Ensure there are no S3 buckets open to Everyone or Any AWS user. s3_bucket_public_access S3 Bucket fugologs is not public.

Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.

You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.

PASS critical s3 ap-south-1 Ensure there are no S3 buckets open to Everyone or Any AWS user. fugostaging Ensure there are no S3 buckets open to Everyone or Any AWS user. s3_bucket_public_access S3 Bucket fugostaging is not public.

Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.

You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.

PASS critical s3 us-east-1 Ensure there are no S3 buckets open to Everyone or Any AWS user. cf-templates-1ip9vfxtvbz1u-us-east-1 Ensure there are no S3 buckets open to Everyone or Any AWS user. s3_bucket_public_access S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 is not public.

Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.

You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.

PASS critical s3 us-west-2 Ensure there are no S3 buckets open to Everyone or Any AWS user. war-nops-207592916039 Ensure there are no S3 buckets open to Everyone or Any AWS user. s3_bucket_public_access S3 Bucket war-nops-207592916039 is not public.

Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.

You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.

PASS critical s3 us-west-2 Ensure there are no S3 buckets open to Everyone or Any AWS user. warcost Ensure there are no S3 buckets open to Everyone or Any AWS user. s3_bucket_public_access S3 Bucket warcost is not public.

Even if you enable all possible bucket ACL options available in the Amazon S3 console the ACL alone does not allow everyone to download objects from your bucket. Depending on which option you select any user could perform some actions.

You can enable block public access settings only for access points, buckets and AWS accounts. Amazon S3 does not support block public access settings on a per-object basis. When you apply block public access settings to an account; the settings apply to all AWS Regions globally. The settings might not take effect in all Regions immediately or simultaneously, but they eventually propagate to all Regions.

FAIL medium s3 ap-south-1 Check if S3 buckets have secure transport policy. dr-fugoone-281222 Check if S3 buckets have secure transport policy. s3_bucket_secure_transport_policy S3 Bucket dr-fugoone-281222 does not have a bucket policy, thus it allows HTTP requests.

If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.

Ensure that S3 buckets has encryption in transit enabled.

FAIL medium s3 ap-south-1 Check if S3 buckets have secure transport policy. fugo-config Check if S3 buckets have secure transport policy. s3_bucket_secure_transport_policy S3 Bucket fugo-config allows requests over insecure transport in the bucket policy.

If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.

Ensure that S3 buckets has encryption in transit enabled.

FAIL medium s3 ap-south-1 Check if S3 buckets have secure transport policy. fugo-doc Check if S3 buckets have secure transport policy. s3_bucket_secure_transport_policy S3 Bucket fugo-doc allows requests over insecure transport in the bucket policy.

If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.

Ensure that S3 buckets has encryption in transit enabled.

FAIL medium s3 ap-south-1 Check if S3 buckets have secure transport policy. fugo-rds-db-backup Check if S3 buckets have secure transport policy. s3_bucket_secure_transport_policy S3 Bucket fugo-rds-db-backup does not have a bucket policy, thus it allows HTTP requests.

If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.

Ensure that S3 buckets has encryption in transit enabled.

FAIL medium s3 ap-south-1 Check if S3 buckets have secure transport policy. fugologs Check if S3 buckets have secure transport policy. s3_bucket_secure_transport_policy S3 Bucket fugologs allows requests over insecure transport in the bucket policy.

If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.

Ensure that S3 buckets has encryption in transit enabled.

FAIL medium s3 ap-south-1 Check if S3 buckets have secure transport policy. fugostaging Check if S3 buckets have secure transport policy. s3_bucket_secure_transport_policy S3 Bucket fugostaging does not have a bucket policy, thus it allows HTTP requests.

If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.

Ensure that S3 buckets has encryption in transit enabled.

FAIL medium s3 us-east-1 Check if S3 buckets have secure transport policy. cf-templates-1ip9vfxtvbz1u-us-east-1 Check if S3 buckets have secure transport policy. s3_bucket_secure_transport_policy S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 does not have a bucket policy, thus it allows HTTP requests.

If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.

Ensure that S3 buckets has encryption in transit enabled.

FAIL medium s3 us-west-2 Check if S3 buckets have secure transport policy. war-nops-207592916039 Check if S3 buckets have secure transport policy. s3_bucket_secure_transport_policy S3 Bucket war-nops-207592916039 allows requests over insecure transport in the bucket policy.

If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.

Ensure that S3 buckets has encryption in transit enabled.

FAIL medium s3 us-west-2 Check if S3 buckets have secure transport policy. warcost Check if S3 buckets have secure transport policy. s3_bucket_secure_transport_policy S3 Bucket warcost allows requests over insecure transport in the bucket policy.

If HTTPS is not enforced on the bucket policy, communication between clients and S3 buckets can use unencrypted HTTP. As a result, sensitive information could be transmitted in clear text over the network or internet.

Ensure that S3 buckets has encryption in transit enabled.

FAIL medium s3 ap-south-1 Check if S3 buckets have server access logging enabled dr-fugoone-281222 Check if S3 buckets have server access logging enabled s3_bucket_server_access_logging_enabled S3 Bucket dr-fugoone-281222 has server access logging disabled.

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.

FAIL medium s3 ap-south-1 Check if S3 buckets have server access logging enabled fugo-config Check if S3 buckets have server access logging enabled s3_bucket_server_access_logging_enabled S3 Bucket fugo-config has server access logging disabled.

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.

FAIL medium s3 ap-south-1 Check if S3 buckets have server access logging enabled fugo-doc Check if S3 buckets have server access logging enabled s3_bucket_server_access_logging_enabled S3 Bucket fugo-doc has server access logging disabled.

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.

FAIL medium s3 ap-south-1 Check if S3 buckets have server access logging enabled fugo-rds-db-backup Check if S3 buckets have server access logging enabled s3_bucket_server_access_logging_enabled S3 Bucket fugo-rds-db-backup has server access logging disabled.

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.

PASS medium s3 ap-south-1 Check if S3 buckets have server access logging enabled fugologs Check if S3 buckets have server access logging enabled s3_bucket_server_access_logging_enabled S3 Bucket fugologs has server access logging enabled.

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.

FAIL medium s3 ap-south-1 Check if S3 buckets have server access logging enabled fugostaging Check if S3 buckets have server access logging enabled s3_bucket_server_access_logging_enabled S3 Bucket fugostaging has server access logging disabled.

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.

FAIL medium s3 us-east-1 Check if S3 buckets have server access logging enabled cf-templates-1ip9vfxtvbz1u-us-east-1 Check if S3 buckets have server access logging enabled s3_bucket_server_access_logging_enabled S3 Bucket cf-templates-1ip9vfxtvbz1u-us-east-1 has server access logging disabled.

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.

FAIL medium s3 us-west-2 Check if S3 buckets have server access logging enabled war-nops-207592916039 Check if S3 buckets have server access logging enabled s3_bucket_server_access_logging_enabled S3 Bucket war-nops-207592916039 has server access logging disabled.

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.

FAIL medium s3 us-west-2 Check if S3 buckets have server access logging enabled warcost Check if S3 buckets have server access logging enabled s3_bucket_server_access_logging_enabled S3 Bucket warcost has server access logging disabled.

Server access logs can assist you in security and access audits; help you learn about your customer base; and understand your Amazon S3 bill.

Ensure that S3 buckets have Logging enabled. CloudTrail data events can be used in place of S3 bucket logging. If that is the case, this finding can be considered a false positive.

FAIL high securityhub ap-northeast-1 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub ap-northeast-2 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub ap-northeast-3 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

PASS high securityhub ap-south-1 Check if Security Hub is enabled and its standard subscriptions. default Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is enabled with standards cis-aws-foundations-benchmark aws-foundational-security-best-practices cis-aws-foundations-benchmark

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub ap-southeast-1 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub ap-southeast-2 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub ca-central-1 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub eu-central-1 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub eu-north-1 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub eu-west-1 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub eu-west-2 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub eu-west-3 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub sa-east-1 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub us-east-1 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub us-east-2 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub us-west-1 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high securityhub us-west-2 Check if Security Hub is enabled and its standard subscriptions. Security Hub Check if Security Hub is enabled and its standard subscriptions. securityhub_enabled Security Hub is not enabled

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.

Security Hub is Regional. When you enable or disable a security standard, it is enabled or disabled only in the current Region or in the Region that you specify.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted API-FUGOONE-COM-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:API-FUGOONE-COM-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted API-FUGOONE-COM-CPU-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:API-FUGOONE-COM-CPU-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted CapitalMarketDemo_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:CapitalMarketDemo_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted CapitalMarketDemo_CPU_UTILIZATION_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:CapitalMarketDemo_CPU_UTILIZATION_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted CapitalMarketDemo_RAM_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:CapitalMarketDemo_RAM_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted CapitalMarketDemo_STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:CapitalMarketDemo_STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted DR-FUGOONE-COM-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:DR-FUGOONE-COM-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted DR-FUGOONE-COM-CPU-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:DR-FUGOONE-COM-CPU-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FLTITILE-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITILE-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FLTITILE-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITILE-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FLTITLE-STORAGE-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITLE-STORAGE-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FLTITLE_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITLE_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FLTITLE_CPU_UTULIZATION_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FLTITLE_CPU_UTULIZATION_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-AWS-LOGIN-ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-AWS-LOGIN-ALERTS is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-Alerts Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-Alerts is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

PASS high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-CMK-ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-CMK-ALERTS is encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-CONSOLE-LOGIN-WITHOUT-MFA Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-CONSOLE-LOGIN-WITHOUT-MFA is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

PASS high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-IAM-POLICY-CHANGE-ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-IAM-POLICY-CHANGE-ALERTS is encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-INSTANCE-ALARMS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-INSTANCE-ALARMS is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

PASS high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-NACL-ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-NACL-ALERTS is encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-NEW-AD-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-NEW-AD-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-NEW-AD-CPU-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-NEW-AD-CPU-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-ONE-SALES-APP-NEW-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-ONE-SALES-APP-NEW-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-ONE-SALES-APP-NEW-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-ONE-SALES-APP-NEW-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-ONE-TITLE-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-ONE-TITLE-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-PRODUCTION-FUGOONE-BASTION-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-PRODUCTION-FUGOONE-BASTION-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-PRODUCTION-FUGOONE-BASTION-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-PRODUCTION-FUGOONE-BASTION-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-PRODUCTION-FUGOONE-BASTION-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-PRODUCTION-FUGOONE-BASTION-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-RDS-ALARMS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-RDS-ALARMS is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-S3-BUCKET-ALARMS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-S3-BUCKET-ALARMS is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

PASS high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-S3-POLICY-CHANGE-ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-S3-POLICY-CHANGE-ALERTS is encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-SECURITY-GROUP-CHANGE-ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SECURITY-GROUP-CHANGE-ALERTS is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-SERVICES-PROD-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SERVICES-PROD-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-SERVICES-PROD-CPU-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SERVICES-PROD-CPU-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-STAGING-SERVER-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-STAGING-SERVER-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-STAGING-SERVER-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-STAGING-SERVER-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-TRAINING-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-TRAINING-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-TRAINING-CPU-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-TRAINING-CPU-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-TRAINING-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-TRAINING-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-TRANING-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-TRANING-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

PASS high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-UNAUTHORIZED-API-ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-UNAUTHORIZED-API-ALERTS is encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO-VPC-ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO-VPC-ALERTS is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGOONE-TITLE-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE-TITLE-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGOONE-TITLE-CPU-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE-TITLE-CPU-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGOONE-TITLE-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE-TITLE-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGOONE_SALES_APPNEW_CPU_UTILIZATON_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE_SALES_APPNEW_CPU_UTILIZATON_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGOONE_SALES_APPNEW_CPU_UTILIZATON_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGOONE_SALES_APPNEW_CPU_UTILIZATON_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO_ONSITE Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_ONSITE is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO_ROOT_USER_LOGIN_ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_ROOT_USER_LOGIN_ALERTS is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO_ROUTE_TABLE_CHANGES_ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_ROUTE_TABLE_CHANGES_ALERTS is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO_SALES_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_SALES_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO_SECURITY_GROUP_ALERTS Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_SECURITY_GROUP_ALERTS is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO_SECURITY_GROUP_ALERTS.fifo Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_SECURITY_GROUP_ALERTS.fifo is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO_STAGING_SERVER_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_STAGING_SERVER_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted FUGO_STAGING_SERVER_CPU_UTILIZATION_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:FUGO_STAGING_SERVER_CPU_UTILIZATION_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted INSTANCE_ALARMS.fifo Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:INSTANCE_ALARMS.fifo is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

PASS high sns ap-south-1 Ensure there are no SNS Topics unencrypted Network_Gateway_Alerts Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:Network_Gateway_Alerts is encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted Resware_Windows_WCF_API_Server_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:Resware_Windows_WCF_API_Server_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted Resware_Windows_WCF_API_Server_CPU_UTILIZATION_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:Resware_Windows_WCF_API_Server_CPU_UTILIZATION_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted TITLE-APP-PRODUCTION-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:TITLE-APP-PRODUCTION-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted TITLE-APP-PRODUCTION-CPU-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:TITLE-APP-PRODUCTION-CPU-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted TitleHub-App-Production-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub-App-Production-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted TitleHub-App-Staging-RAM-UTULIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub-App-Staging-RAM-UTULIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted TitleHub-App-Staging-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub-App-Staging-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted TitleHub_APP_Production-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub_APP_Production-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted TitleHub_APP_Production_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub_APP_Production_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted TitleHub_APP_Staging_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub_APP_Staging_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted TitleHub_APP_Staging_CPU_UTILIZATION_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:TitleHub_APP_Staging_CPU_UTILIZATION_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted Title_APP_Production-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:Title_APP_Production-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted Title_APP_Production_RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:Title_APP_Production_RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted WFGBlocks_APP_Production-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:WFGBlocks_APP_Production-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted WFGBlocks_APP_Production-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:WFGBlocks_APP_Production-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted WFGBlocks_APP_Production_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:WFGBlocks_APP_Production_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted WFGBlocks_APP_Production_CPU_UTILIZATION_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:WFGBlocks_APP_Production_CPU_UTILIZATION_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted api-fugoone-com-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:api-fugoone-com-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted api-fugoone-com-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:api-fugoone-com-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted demo-fugoone-com-db_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:demo-fugoone-com-db_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted demo-fugoone-com-db_STORAGE_UTILIZATION_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:demo-fugoone-com-db_STORAGE_UTILIZATION_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted dr-fugo-db-RDS-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugo-db-RDS-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted dr-fugo-db-RDS-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugo-db-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted dr-fugo-db-RDS-STORAGE-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugo-db-RDS-STORAGE-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted dr-fugoone-coSTORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugoone-coSTORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted dr-fugoone-com-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:dr-fugoone-com-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fltitle-db-RDS-CPU-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fltitle-db-RDS-CPU-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fltitle-db-RDS-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fltitle-db-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fltitle-db-RDS-STORAGE-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fltitle-db-RDS-STORAGE-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-knowfugo-CPU-TILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-knowfugo-CPU-TILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-knowfugo-RDS-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-knowfugo-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-knowfugo-RDS-STORAGE-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-knowfugo-RDS-STORAGE-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-new-demo-16042020-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-new-demo-16042020-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-new-demo-16042020_STORAGE-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-new-demo-16042020_STORAGE-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-prod-db-RDS-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-prod-db-RDS-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-prod-db-RDS-STORAGE-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-prod-db-RDS-STORAGE-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-prod-db-RDS-STORAGE-UTULIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-prod-db-RDS-STORAGE-UTULIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-read-db-RDS-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-read-db-RDS-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-staging-db_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-staging-db_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-staging-db_RDS-STORAGE-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-staging-db_RDS-STORAGE-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-stagingknowfugo-RDS-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-stagingknowfugo-RDS-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-stagingknowfugo-RDS-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-stagingknowfugo-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-test-db-RDS_CPU_UTILIZATION_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-test-db-RDS_CPU_UTILIZATION_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugo-test-db-RDS_STORAGE_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugo-test-db-RDS_STORAGE_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugoonetitle-RDS-CPU-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugoonetitle-RDS-CPU-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugoonetitle-RDS-STORAGE-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugoonetitle-RDS-STORAGE-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugoservices-prod-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugoservices-prod-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugoservices-prod-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugoservices-prod-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugoservices-sql-prod-RAM-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugoservices-sql-prod-RAM-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted fugoservices-sql-prod-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:fugoservices-sql-prod-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted new-demo-db-10-07-21_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:new-demo-db-10-07-21_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted new-demo-db-10-07-21_RDS-STORAGE_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:new-demo-db-10-07-21_RDS-STORAGE_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted new-demo-fugoone-com-june-RDS_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:new-demo-fugoone-com-june-RDS_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted new-demo-fugoone-com-june-RDS_STORAGE_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:new-demo-fugoone-com-june-RDS_STORAGE_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted new-dr-fugoone-db-21-12-2021-RDS-UTILIZATION-CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:new-dr-fugoone-db-21-12-2021-RDS-UTILIZATION-CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_CRITICAL Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_CRITICAL is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Ensure there are no SNS Topics unencrypted webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_WARNING Ensure there are no SNS Topics unencrypted sns_topics_kms_encryption_at_rest_enabled SNS topic arn:aws:sns:ap-south-1:207592916039:webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_WARNING is not encrypted

If not enabled sensitive information at rest is not protected.

Use Amazon SNS with AWS KMS.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public API-FUGOONE-COM-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic API-FUGOONE-COM-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public API-FUGOONE-COM-CPU-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic API-FUGOONE-COM-CPU-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public CapitalMarketDemo_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic CapitalMarketDemo_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public CapitalMarketDemo_CPU_UTILIZATION_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic CapitalMarketDemo_CPU_UTILIZATION_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public CapitalMarketDemo_RAM_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic CapitalMarketDemo_RAM_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public CapitalMarketDemo_STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic CapitalMarketDemo_STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public DR-FUGOONE-COM-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic DR-FUGOONE-COM-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public DR-FUGOONE-COM-CPU-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic DR-FUGOONE-COM-CPU-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FLTITILE-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FLTITILE-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FLTITILE-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FLTITILE-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FLTITLE-STORAGE-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FLTITLE-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FLTITLE_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FLTITLE_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FLTITLE_CPU_UTULIZATION_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FLTITLE_CPU_UTULIZATION_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-AWS-LOGIN-ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-AWS-LOGIN-ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-Alerts Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-Alerts policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-CLOUDTRAIL-CONFIG-CHANGE-ALERT policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-CMK-ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-CMK-ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-CONSOLE-LOGIN-WITHOUT-MFA Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-CONSOLE-LOGIN-WITHOUT-MFA policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-IAM-POLICY-CHANGE-ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-IAM-POLICY-CHANGE-ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-INSTANCE-ALARMS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-INSTANCE-ALARMS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-NACL-ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-NACL-ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-NEW-AD-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-NEW-AD-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-NEW-AD-CPU-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-NEW-AD-CPU-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-ONE-SALES-APP-NEW-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-ONE-SALES-APP-NEW-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-ONE-SALES-APP-NEW-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-ONE-SALES-APP-NEW-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-ONE-TITLE-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-ONE-TITLE-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-PRODUCTION-FUGOONE-BASTION-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-PRODUCTION-FUGOONE-BASTION-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-PRODUCTION-FUGOONE-BASTION-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-PRODUCTION-FUGOONE-BASTION-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-PRODUCTION-FUGOONE-BASTION-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-PRODUCTION-FUGOONE-BASTION-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-RDS-ALARMS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-RDS-ALARMS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-S3-BUCKET-ALARMS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-S3-BUCKET-ALARMS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-S3-POLICY-CHANGE-ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-S3-POLICY-CHANGE-ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-SECURITY-GROUP-CHANGE-ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-SECURITY-GROUP-CHANGE-ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-SERVICES-PROD-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-SERVICES-PROD-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-SERVICES-PROD-CPU-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-SERVICES-PROD-CPU-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-SERVICES-SQL-PROD-CPU-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-STAGING-SERVER-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-STAGING-SERVER-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-STAGING-SERVER-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-STAGING-SERVER-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-TRAINING-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-TRAINING-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-TRAINING-CPU-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-TRAINING-CPU-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-TRAINING-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-TRAINING-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-TRANING-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-TRANING-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-UNAUTHORIZED-API-ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-UNAUTHORIZED-API-ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO-VPC-ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO-VPC-ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGOONE-TITLE-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGOONE-TITLE-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGOONE-TITLE-CPU-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGOONE-TITLE-CPU-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGOONE-TITLE-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGOONE-TITLE-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGOONE_SALES_APPNEW_CPU_UTILIZATON_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGOONE_SALES_APPNEW_CPU_UTILIZATON_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGOONE_SALES_APPNEW_CPU_UTILIZATON_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGOONE_SALES_APPNEW_CPU_UTILIZATON_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO_ONSITE Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO_ONSITE policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO_ROOT_USER_LOGIN_ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO_ROOT_USER_LOGIN_ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO_ROUTE_TABLE_CHANGES_ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO_ROUTE_TABLE_CHANGES_ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO_SALES_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO_SALES_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO_SECURITY_GROUP_ALERTS Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO_SECURITY_GROUP_ALERTS policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO_SECURITY_GROUP_ALERTS.fifo Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO_SECURITY_GROUP_ALERTS.fifo policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO_STAGING_SERVER_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO_STAGING_SERVER_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public FUGO_STAGING_SERVER_CPU_UTILIZATION_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic FUGO_STAGING_SERVER_CPU_UTILIZATION_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public INSTANCE_ALARMS.fifo Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic INSTANCE_ALARMS.fifo policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public Network_Gateway_Alerts Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic Network_Gateway_Alerts policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public Resware_Windows_WCF_API_Server_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic Resware_Windows_WCF_API_Server_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public Resware_Windows_WCF_API_Server_CPU_UTILIZATION_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic Resware_Windows_WCF_API_Server_CPU_UTILIZATION_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public TITLE-APP-PRODUCTION-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic TITLE-APP-PRODUCTION-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public TITLE-APP-PRODUCTION-CPU-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic TITLE-APP-PRODUCTION-CPU-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public TitleHub-App-Production-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic TitleHub-App-Production-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public TitleHub-App-Staging-RAM-UTULIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic TitleHub-App-Staging-RAM-UTULIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public TitleHub-App-Staging-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic TitleHub-App-Staging-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public TitleHub_APP_Production-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic TitleHub_APP_Production-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public TitleHub_APP_Production_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic TitleHub_APP_Production_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public TitleHub_APP_Staging_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic TitleHub_APP_Staging_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public TitleHub_APP_Staging_CPU_UTILIZATION_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic TitleHub_APP_Staging_CPU_UTILIZATION_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public Title_APP_Production-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic Title_APP_Production-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public Title_APP_Production_RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic Title_APP_Production_RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public WFGBlocks_APP_Production-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic WFGBlocks_APP_Production-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public WFGBlocks_APP_Production-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic WFGBlocks_APP_Production-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public WFGBlocks_APP_Production_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic WFGBlocks_APP_Production_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public WFGBlocks_APP_Production_CPU_UTILIZATION_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic WFGBlocks_APP_Production_CPU_UTILIZATION_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public api-fugoone-com-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic api-fugoone-com-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public api-fugoone-com-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic api-fugoone-com-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public demo-fugoone-com-db_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic demo-fugoone-com-db_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public demo-fugoone-com-db_STORAGE_UTILIZATION_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic demo-fugoone-com-db_STORAGE_UTILIZATION_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public dr-fugo-db-RDS-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic dr-fugo-db-RDS-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public dr-fugo-db-RDS-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic dr-fugo-db-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public dr-fugo-db-RDS-STORAGE-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic dr-fugo-db-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public dr-fugoone-coSTORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic dr-fugoone-coSTORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public dr-fugoone-com-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic dr-fugoone-com-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fltitle-db-RDS-CPU-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fltitle-db-RDS-CPU-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fltitle-db-RDS-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fltitle-db-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fltitle-db-RDS-STORAGE-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fltitle-db-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-knowfugo-CPU-TILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-knowfugo-CPU-TILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-knowfugo-RDS-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-knowfugo-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-knowfugo-RDS-STORAGE-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-knowfugo-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-new-demo-16042020-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-new-demo-16042020-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-new-demo-16042020_STORAGE-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-new-demo-16042020_STORAGE-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-prod-db-RDS-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-prod-db-RDS-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-prod-db-RDS-STORAGE-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-prod-db-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-prod-db-RDS-STORAGE-UTULIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-prod-db-RDS-STORAGE-UTULIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-read-db-RDS-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-read-db-RDS-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-staging-db_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-staging-db_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-staging-db_RDS-STORAGE-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-staging-db_RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-stagingknowfugo-RDS-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-stagingknowfugo-RDS-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-stagingknowfugo-RDS-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-stagingknowfugo-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-test-db-RDS_CPU_UTILIZATION_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-test-db-RDS_CPU_UTILIZATION_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugo-test-db-RDS_STORAGE_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugo-test-db-RDS_STORAGE_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugoonetitle-RDS-CPU-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugoonetitle-RDS-CPU-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugoonetitle-RDS-STORAGE-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugoonetitle-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugoservices-prod-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugoservices-prod-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugoservices-prod-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugoservices-prod-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugoservices-sql-prod-RAM-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugoservices-sql-prod-RAM-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public fugoservices-sql-prod-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic fugoservices-sql-prod-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public new-demo-db-10-07-21_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic new-demo-db-10-07-21_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public new-demo-db-10-07-21_RDS-STORAGE_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic new-demo-db-10-07-21_RDS-STORAGE_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public new-demo-fugoone-com-june-RDS_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic new-demo-fugoone-com-june-RDS_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public new-demo-fugoone-com-june-RDS_STORAGE_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic new-demo-fugoone-com-june-RDS_STORAGE_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic new-dr-fugoone-db-21-12-2021-RDS-STORAGE-UTILIZATION-WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public new-dr-fugoone-db-21-12-2021-RDS-UTILIZATION-CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic new-dr-fugoone-db-21-12-2021-RDS-UTILIZATION-CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_CRITICAL Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_CRITICAL policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

FAIL high sns ap-south-1 Check if SNS topics have policy set as Public webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_WARNING Check if SNS topics have policy set as Public sns_topics_not_publicly_accessible SNS topic webservices_fugoone_com-DEV-WINDOWS_CPU_UTILIZATION_WARNING policy with public access but has a Condition

Publicly accessible services could expose sensitive data to bad actors.

Ensure there is a business requirement for service to be public.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. rSs93HQwa1 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon RDS Public Snapshots is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. aW7HH0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Auto Scaling Launch Configurations is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. xSqX82fQu Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ELB Security Groups is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. dx3xfbjfMr Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Route 53 Traffic Policies is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. b73EEdD790 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Route 53 Failover Resource Record Sets is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. gH5CC0e3J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS Cold HDD (sc1) Volume Storage is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. N425c450f2 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront Custom SSL Certificates in the IAM Certificate Store is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. L4dfs2Q4C5 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Lambda Functions Using Deprecated Runtimes is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. L4dfs2Q4C6 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Lambda VPC-enabled Functions without Multi-AZ Redundancy is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. cF171Db240 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Route 53 Name Server Delegations is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. cG7HH0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS Magnetic (standard) Volume Storage is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. sU7XX0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM Group is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. N420c450f2 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront Alternate Domain Names is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. COr6dfpM04 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EBS under-provisioned volumes is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. COr6dfpM03 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EBS over-provisioned volumes is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. jtlIMO3qZM Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Cluster Parameter Groups is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. COr6dfpM06 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Lambda under-provisioned functions for memory size is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. COr6dfpM05 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Lambda over-provisioned functions for memory size is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. f2iK5R6Dep Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon RDS Multi-AZ is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. jEhCtdJKOY Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Subnets per Subnet Group is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. a2sEc6ILx Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ELB Listener Security is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. ePs02jT06w Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EBS Public Snapshots is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. R365s2Qddf Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon S3 Bucket Versioning is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Wxdfp4B1L2 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Well-Architected high risk issues for performance efficiency is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 8wIqYSt25K Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ELB Network Load Balancers is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Wxdfp4B1L3 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Well-Architected high risk issues for security is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Wxdfp4B1L4 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Well-Architected high risk issues for reliability is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Wxdfp4B1L1 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Well-Architected high risk issues for cost optimization is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. opQPADkZvH Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon RDS Backups is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. L4dfs2Q3C2 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Lambda Functions with High Error Rates is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. L4dfs2Q3C3 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Lambda Functions with Excessive Timeouts is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. vjafUGJ9H0 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS CloudTrail Logging is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 7fuccf1Mx7 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Cluster Roles is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. ru4xfcdfMr Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Route 53 Max Health Checks is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. dV84wpqRUs Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS DB Manual Snapshots is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. xuy7H1avtl Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Aurora DB Instance Accessibility is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 0t121N1Ty3 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Direct Connect Connection Redundancy is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. RH23stmM01 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Resilience Hub resilience scores is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. RH23stmM02 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Resilience Hub policy breached is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. hc0dfs7601 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS CloudHSM clusters running HSM instances in a single AZ is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. DqdJqYeRm5 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM Access Key Rotation is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 7DAFEmoDos Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check MFA on Root Account is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. kM7QQ0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check VPC Internet Gateways is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. tfg86AVHAZ Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Large Number of Rules in an EC2 Security Group is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. HCP4007jGY Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Security Groups - Specific Ports Unrestricted is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Pfx0RwqBli Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon S3 Bucket Permissions is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G191 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS cluster snapshots and database snapshots should be encrypted at rest is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G192 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS DB Instances should prohibit public access, determined by the PubliclyAccessible configuration is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G193 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS DB instances should have encryption at-rest enabled is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G194 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS snapshot should be private is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G195 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront distributions should have origin access identity enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G196 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Config should be enabled is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. B913Ef6fb4 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Route 53 Alias Resource Record Sets is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G197 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Elasticsearch Service domains should have encryption at-rest enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G198 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS DB instances should have deletion protection enabled is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 1iG5NDGVre Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Security Groups - Unrestricted Access is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G190 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS clusters should have deletion protection enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. nNauJisYIT Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon RDS Security Group Access Risk is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G188 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check GuardDuty should be enabled is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G189 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Enhanced monitoring should be configured for RDS DB instances is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 1e93e4c0b5 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 Reserved Instance Lease Expiration is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. C056F80cR3 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Route 53 High TTL Resource Record Sets is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 6gtQddfEw6 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check DynamoDB Read Capacity is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G199 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Database logging should be enabled is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. XG0aXHpIEt Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS DB Instances is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. wuy7G1zxql Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 Availability Zone Balance is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G170 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 Block Public Access setting should be enabled is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G171 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 buckets should prohibit public read access is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G172 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 buckets should prohibit public write access is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G173 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 Block Public Access setting should be enabled at the bucket-level is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G174 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CodeBuild GitHub or Bitbucket source repository URLs should use OAuth is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G175 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CodeBuild project environment variables should not contain clear text credentials is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G176 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ACM certificates should be renewed after a specified time period is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. CLOG40CDO8 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Auto Scaling Group Health Check is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. aW9HH0l8J6 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2-Classic Elastic IP Addresses is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. iK7OO0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ELB Classic Load Balancers is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. wH7DD0l3J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS Throughput Optimized HDD (st1) Volume Storage is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. DAvU99Dc4C Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Underutilized Amazon EBS Volumes is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. pYW8UkYz2w Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Read Replicas per Master is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. pR7UU0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM Policies is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. eI7KK0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS Active Snapshots is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G166 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check An RDS event notifications subscription should be configured for critical cluster events is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G167 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 buckets should have server-side encryption enabled is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G168 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 buckets should require requests to use Secure Socket Layer is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G169 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 permissions granted to other AWS accounts in bucket policies should be restricted is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. fW7HH0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Auto Scaling Groups is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. P1jhKWEmLa Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Total Storage Quota is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G180 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Elasticsearch Service domain error logging to CloudWatch Logs should be enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G181 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Manager is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G182 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Classic Load Balancer listeners should be configured with HTTPS or TLS termination is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 1qazXsw23e Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Relational Database Service (RDS) Reserved Instance Optimization is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G183 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Application load balancer should be configured to drop http headers is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G184 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Application and Classic Load Balancers logging should be enabled is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G185 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM customer managed policies that you create should not allow wildcard actions for services is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G186 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS WAF Classic Global Web ACL logging should be enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G187 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Connections to Amazon Elasticsearch Service domains should be encrypted using TLS 1.2 is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 12Fnkpl8Y5 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Exposed Access Keys is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 8CNsSllI5v Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Auto Scaling Group Resources is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. k3J2hns32g Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Overutilized Amazon EBS Magnetic Volumes is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. hjLMh88uM8 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Idle Load Balancers is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G177 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Auto scaling groups associated with a load balancer should use load balancer health checks is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. BueAdJ7NrP Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon S3 Bucket Logging is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G178 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Security groups should only allow unrestricted incoming traffic for authorized ports is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G179 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check SNS topics should be encrypted at-rest using AWS KMS is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. xdeXZKIUy Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ELB Cross-Zone Load Balancing is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. gW7HH0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFormation Stacks is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. gI7MM0l7J2 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS Provisioned IOPS SSD (io2) Volume Storage is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G150 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Elasticsearch domains should encrypt data sent between nodes is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G151 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check An RDS event notifications subscription should be configured for critical database parameter group events is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G152 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check An RDS event notifications subscription should be configured for critical database instance events is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. EM8b3yLRTr Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ELB Application Load Balancers is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G153 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS instances should not use a database engine default port is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. rT7WW0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM Server Certificates is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G154 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check An RDS event notifications subscription should be configured for critical database security group events is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. N415c450f2 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront Header Forwarding and Cache Hit Ratio is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G144 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Unused IAM user credentials should be removed is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. iqdCTZKCUp Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Load Balancer Optimization is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G145 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon ECS task definitions should have secure networking modes and user definitions. is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. gI7MM0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS Provisioned IOPS SSD (io1) Volume Storage is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G146 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ECS services should not have public IP addresses assigned to them automatically is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Ti39halfu8 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon RDS Idle DB Instances is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. j3DFqYTe29 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Large Number of EC2 Security Group Rules Applied to an Instance is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G147 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Elasticsearch Service domains should be in a VPC is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 1qw23er45t Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Redshift Reserved Node Optimization is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G148 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Elastic Beanstalk environments should have enhanced health reporting enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G149 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Elastic Beanstalk managed platform updates should be enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Cb877eB72b Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Route 53 Deleted Health Checks is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 796d6f3D83 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront Content Delivery Optimization is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G160 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM authentication should be configured for RDS instances is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G161 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM authentication should be configured for RDS clusters is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G162 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS automatic minor version upgrades should be enabled is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G163 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS DB clusters should be configured to copy tags to snapshots is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G164 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS DB instances should be configured to copy tags to snapshots is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G165 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS instances should be deployed in a VPC is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. keAhfbH5yb Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Event Subscriptions is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. c5ftjdfkMr Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check DynamoDB Write Capacity is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Cm24dfsM13 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Comprehend Endpoint Access Risk is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G155 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2 instances should be managed by AWS Systems Manager is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G156 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installation is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. ZRxQlPsb6c Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check High Utilization Amazon EC2 Instances is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G157 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. bW7HH0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Kinesis Shards per Region is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Cm24dfsM12 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Comprehend Underutilized Endpoints is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G158 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check SSM documents should not be public is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G159 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Elastic File System should be configured to encrypt file data at-rest using AWS KMS is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. nO7SS0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM Instance Profiles is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. dx3xfcdfMr Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Route 53 Hosted Zones is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. PPkZrjsH2q Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EBS Provisioned IOPS (SSD) Volume Attachment Configuration is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G130 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Lambda functions should use supported runtimes is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G131 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Lambda function policies should prohibit public access is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G132 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Database Migration Service replication instances should not be public is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. lN7RR0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2-VPC Elastic IP Address is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Z4AUBRNSmz Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Unassociated Elastic IP Addresses is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. dBkuNCvqn5 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Max Auths per Security Group is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. H7IgTzjTYb Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EBS Snapshots is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 7ujm6yhn5t Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon OpenSearch Service Reserved Instance Optimization is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G122 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check VPC flow logging should be enabled in all VPCs is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G123 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2 instances should not have a public IPv4 address is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. gjqMBn6pjz Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Clusters is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G124 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2 instances should use Instance Metadata Service Version 2 (IMDSv2) is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G125 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check API Gateway should be associated with a WAF Web ACL is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Qch7DwouX1 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Low Utilization Amazon EC2 Instances is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G126 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check DynamoDB Accelerator (DAX) clusters should be encrypted at rest is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G127 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check API Gateway REST and WebSocket API execution logging should be enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G128 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check API Gateway REST API stages should be configured to use SSL certificates for backend authentication is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G129 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check API Gateway REST API stages should have AWS X-Ray tracing enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. G31sQ1E9U Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Underutilized Amazon Redshift Clusters is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. h3L1otH3re Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon ElastiCache Reserved Node Optimization is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G140 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM root user access key should not exist is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G141 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check MFA should be enabled for all IAM users that have a console password is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G142 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Hardware MFA should be enabled for the root user is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G143 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Password policies for IAM users should have strong configurations is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. N430c450f2 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront SSL Certificate on the Origin Server is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 3Njm0DJQO9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Option Groups is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. tV7YY0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS Provisioned IOPS (SSD) Volume Aggregate IOPS is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. vZ2c2W1srf Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Savings Plan is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G133 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM customer managed policies should not allow decryption actions on all KMS keys is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G134 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM principals should not have IAM inline policies that allow decryption actions on all KMS keys is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. ty3xfcdfMr Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Route 53 Reusable Delegation Sets is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G135 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS KMS keys should not be deleted unintentionally is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G136 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon SQS queues should be encrypted at rest is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. gfZAn3W7wl Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS DB Security Groups is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G137 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM policies should not allow full "*" administrative privileges is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 7qGXsKIUw Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ELB Connection Draining is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G138 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM users should not have IAM policies attached is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G139 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM users' access keys should be rotated every 90 days or less is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G230 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 bucket server access logging should be enabled is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G231 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Stateless network firewall rule group should not be empty is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G110 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudTrail should have encryption at-rest enabled is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Qsdfp3A4L1 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 instances over-provisioned for Microsoft SQL Server is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. UUDvOa5r34 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Reserved Instances is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. oQ7TT0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM Roles is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G108 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudTrail trails should be integrated with Amazon CloudWatch Logs is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G229 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront distributions should encrypt traffic to custom origins is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G109 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudTrail log file validation should be enabled is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. jL7PP0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check VPC is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G100 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon SageMaker notebook instances should not have direct internet access is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G221 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check OpenSearch domains should have audit logging enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G101 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Elastic MapReduce cluster master nodes should not have public IP addresses is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G222 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check OpenSearch domain error logging to CloudWatch Logs should be enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G223 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check OpenSearch domains should encrypt data sent between nodes is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G102 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Connections to Amazon Redshift clusters should be encrypted in transit is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G224 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check OpenSearch domains should be in a VPC is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. cX3c2R1chu Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 Reserved Instances Optimization is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G103 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Redshift clusters should prohibit public access is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G225 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check OpenSearch domains should have encryption at rest enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G104 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Redshift clusters should use enhanced VPC routing is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G226 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 instances launched using Auto Scaling group launch configurations should not have Public IP addresses is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G105 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Redshift should have automatic upgrades to major versions enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G106 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Redshift clusters should have audit logging enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G227 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront distributions should use custom SSL/TLS certificates is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G228 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront distributions should use SNI to serve HTTPS requests is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G107 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront distributions should require encryption in transit is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G120 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Stopped EC2 instances should be removed after a specified time period is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. S45wrEXrLz Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check VPN Tunnel Redundancy is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G121 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS default encryption should be enabled is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G119 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS volumes should be attached to EC2 instances is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 4g3Nt5M1Th Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Direct Connect Virtual Interface Redundancy is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G111 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudTrail should be enabled and configured with at least one multi-region trail is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G232 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Database Clusters should use a custom administrator username is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G233 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS database instances should use a custom administrator username is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G112 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Secrets Manager secrets should be rotated within a specified number of days is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G113 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Secrets Manager secrets configured with automatic rotation should rotate successfully is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G114 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Remove unused Secrets Manager secrets is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G115 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Secrets Manager secrets should have automatic rotation enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. jEECYg2YVU Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS DB Parameter Groups is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G116 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS snapshots should not be public, determined by the ability to be restorable by anyone is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G117 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Attached EBS volumes should be encrypted at-rest is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G118 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check The VPC default security group should not allow inbound and outbound traffic is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. dYWBaXaaMM Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check RDS Subnet Groups is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. MDBdfsQ401 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon MemoryDB Multi-AZ clusters is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 0Xc6LMYG8P Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2 On-Demand Instances is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Bh2xRR2FGH Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 to EBS Throughput Optimization is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. ECHdfsQ402 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon ElastiCache Multi-AZ clusters is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G207 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2 subnets should not automatically assign public IP addresses is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G208 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2 instances should not use multiple ENIs is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G209 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Unused Network Access Control Lists should be removed is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G200 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront distributions should have a default root object configured is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. iH7PP0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EC2 Reserved Instance Leases is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G201 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront distributions should have WAF enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G202 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check API Gateway REST API cache data should be encrypted at rest is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G203 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Elasticsearch Service domains should have audit logging enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G204 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Security groups should not allow unrestricted access to ports with high risk is in state error.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G205 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Classic Load Balancers with HTTPS/SSL listeners should use a predefined security policy that has strong configuration is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 51fC20e7I2 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Route 53 Latency Resource Record Sets is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G206 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 should be configured to use VPC endpoints that are created for the Amazon EC2 service is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. hJ7NN0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check SES Daily Sending Quota is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. dH7RR0l6J3 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS General Purpose SSD (gp3) Volume Storage is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. dH7RR0l6J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check EBS General Purpose SSD (gp2) Volume Storage is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. zXCkfM1nI3 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM Use is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. 8M012Ph3U5 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check AWS Direct Connect Location Redundancy is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G220 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Connections to OpenSearch domains should be encrypted using TLS 1.2 is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G218 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CodeBuild project environments should not have privileged mode enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G219 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Redshift clusters should not use the default Admin username is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Yw2K9puPzl Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM Password Policy is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. c9D319e7sG Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon Route 53 MX Resource Record Sets and Sender Policy Framework is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. dx8afcdfMr Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Route 53 Traffic Policy Instances is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Qsdfp3A4L4 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 instances with Microsoft Windows Server end of support is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Qsdfp3A4L3 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 instances with Microsoft SQL Server end of support is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Qsdfp3A4L2 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Amazon EC2 instances consolidation for Microsoft SQL Server is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G210 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CloudFront distributions should have logging enabled is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G211 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 buckets with versioning enabled should have lifecycle policies configured is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G212 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 buckets should have event notifications enabled is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G213 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check S3 access control lists (ACLs) should not be used to manage user access to buckets is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G214 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389 is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G215 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check Unused EC2 security groups should be removed is in state warning.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G216 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check ECR repositories should have at least one lifecycle policy configured is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. Hs4Ma3G217 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check CodeBuild project environments should have a logging configuration is in state not_available.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

PASS medium trustedadvisor us-east-1 Check Trusted Advisor for errors and warnings. qS7VV0l7J9 Check Trusted Advisor for errors and warnings. trustedadvisor_errors_and_warnings Trusted Advisor check IAM Users is in state ok.

Improve the security of your application by closing gaps, enabling various AWS security features and examining your permissions.

Review and act upon its recommendations.

FAIL medium vpc ap-northeast-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-543d0533 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-543d0533 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-northeast-2 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-b64e86dd Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-b64e86dd Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-northeast-3 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-d1fc97b8 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-d1fc97b8 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-south-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-0686fd71db9771a70 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-0686fd71db9771a70 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-south-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-04e5c6db50a181ca3 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-04e5c6db50a181ca3 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-south-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-01f1de304d7d004b9 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-01f1de304d7d004b9 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-south-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-0998be5081bd1362c Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-0998be5081bd1362c Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-south-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-0301df6660757a2f1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-0301df6660757a2f1 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

PASS medium vpc ap-south-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-07d5b113a1e7947bf Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-07d5b113a1e7947bf Flow logs are enabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-south-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-a24e4bca Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-a24e4bca Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-southeast-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-a49f91c3 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-a49f91c3 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-southeast-2 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-2c65584b Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-2c65584b Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc eu-central-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-6b18e101 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-6b18e101 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc eu-north-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-7808dc11 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-7808dc11 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc eu-west-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-6ac3d80c Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-6ac3d80c Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc eu-west-2 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-399eee51 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-399eee51 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc eu-west-3 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-768a881f Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-768a881f Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc sa-east-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-eadae38d Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-eadae38d Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc us-east-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-18326f62 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-18326f62 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc us-east-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-02c1a29d1dea3bb3a Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-02c1a29d1dea3bb3a Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc us-east-2 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-c452adaf Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-c452adaf Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc us-west-1 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-fcf4eb9b Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-fcf4eb9b Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc us-west-2 Ensure VPC Flow Logging is Enabled in all VPCs. vpc-2b41cb53 Ensure VPC Flow Logging is Enabled in all VPCs. vpc_flow_logs_enabled VPC vpc-2b41cb53 Flow logs are disabled.

VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.

It is recommended that VPC Flow Logs be enabled for packet Rejects for VPCs.

FAIL medium vpc ap-south-1 Ensure routing tables for VPC peering are least access. pcx-0db2ef6db20f08243 Ensure routing tables for VPC peering are least access. vpc_peering_routing_tables_with_least_privilege VPC Peering Connection pcx-0db2ef6db20f08243 does not comply with least privilege access since it accepts whole VPCs CIDR in its route tables.

Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC.

Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs.

FAIL medium vpc ap-south-1 Ensure routing tables for VPC peering are least access. pcx-0c44a9b97a0b8409e Ensure routing tables for VPC peering are least access. vpc_peering_routing_tables_with_least_privilege VPC Peering Connection pcx-0c44a9b97a0b8409e does not comply with least privilege access since it accepts whole VPCs CIDR in its route tables.

Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC.

Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs.

PASS medium vpc ap-south-1 Ensure routing tables for VPC peering are least access. pcx-0d283f0873ef7eb9c Ensure routing tables for VPC peering are least access. vpc_peering_routing_tables_with_least_privilege VPC Peering Connection pcx-0d283f0873ef7eb9c comply with least privilege access.

Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC.

Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs.

PASS medium vpc us-east-1 Ensure routing tables for VPC peering are least access. pcx-0c44a9b97a0b8409e Ensure routing tables for VPC peering are least access. vpc_peering_routing_tables_with_least_privilege VPC Peering Connection pcx-0c44a9b97a0b8409e comply with least privilege access.

Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC.

Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs.

PASS medium vpc us-east-1 Ensure routing tables for VPC peering are least access. pcx-0d283f0873ef7eb9c Ensure routing tables for VPC peering are least access. vpc_peering_routing_tables_with_least_privilege VPC Peering Connection pcx-0d283f0873ef7eb9c comply with least privilege access.

Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC.

Review routing tables of peered VPCs for whether they route all subnets of each VPC and whether that is necessary to accomplish the intended purposes for peering the VPCs.

FAIL high workspaces us-east-1 Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements ws-7gsxbjbsx Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements workspaces_volume_encryption_enabled WorkSpaces workspace ws-7gsxbjbsx with root and user unencrypted volumes

If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption.

WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted

FAIL high workspaces us-east-1 Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements ws-4tzpmthcx Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements workspaces_volume_encryption_enabled WorkSpaces workspace ws-4tzpmthcx with root and user unencrypted volumes

If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption.

WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted

FAIL high workspaces us-east-1 Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements ws-kh9h1dgzz Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements workspaces_volume_encryption_enabled WorkSpaces workspace ws-kh9h1dgzz with root and user unencrypted volumes

If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption.

WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted

FAIL high workspaces us-east-1 Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements ws-hks7rnjl7 Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements workspaces_volume_encryption_enabled WorkSpaces workspace ws-hks7rnjl7 with root and user unencrypted volumes

If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption.

WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted

FAIL high workspaces us-east-1 Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements ws-47935l7x4 Ensure that your Amazon WorkSpaces storage volumes are encrypted in order to meet security and compliance requirements workspaces_volume_encryption_enabled WorkSpaces workspace ws-47935l7x4 with root and user unencrypted volumes

If the value listed in the Volume Encryption column is Disabled the selected AWS WorkSpaces instance volumes (root and user volumes) are not encrypted. Therefore your data-at-rest is not protected from unauthorized access and does not meet the compliance requirements regarding data encryption.

WorkSpaces is integrated with the AWS Key Management Service (AWS KMS). This enables you to encrypt storage volumes of WorkSpaces using AWS KMS Key. When you launch a WorkSpace you can encrypt the root volume (for Microsoft Windows - the C drive; for Linux - /) and the user volume (for Windows - the D drive; for Linux - /home). Doing so ensures that the data stored at rest - disk I/O to the volume - and snapshots created from the volumes are all encrypted